Happy World Password Day. In some spectacular timing, Twitter's 336 million users are being cautioned to change their Twitter passwords immediately, following an embarrassing revelation of an error in how password data is stored by the company. Yes, it's a pain, but this means you, too, need to change your Twitter password straight away.
It's important to understand that no Twitter accounts are thought to be at immediate risk, and there hasn't been a reported data breach. However, Twitter's warning has particularly important ramifications for anyone (this author included) who's guilty of re-using the same password on more than one account.
We explain what you need to know about the Twitter password fiasco, plus how you can quickly secure your account.
Twitter Password Bug Explained
Companies are under more pressure than ever to store sensitive personal data in a secure, watertight fashion. The penalties for an avoidable data breach are harsh – as well as losing customer trust, there are hefty financial fines for global companies under the imminent European General Data Protection Regulation (GDPR).
Twitter stores its user passwords under a safe cryptographic hashing system. They're hidden from prying eyes and can't be accessed. But there's a problem: Twitter identified a bug in its system that meant all user passwords were also being recorded as a plaintext file, stored on its servers.
That's beyond bad – ever been told not to write all your passwords down somewhere in a document, in case somebody else comes across it? Turns out, Twitter has inadvertently done this on a colossal scale.
Again, no one has accessed or stolen this log of password data, and nor has the information been leaked in any way. But Twitter is rightly taking the matter seriously, and cautioning customers via alerts on its services, plus an official Twitter blog post to change their passwords immediately:
“Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password.”
How to Change Your Twitter Password
Changing your Twitter password is a simple enough process, so don't delay.
On a desktop, open your Twitter account, then click Profile and Settings (your account icon, top-right, by the search bar) then Settings and Privacy.
Select Password from the left-hand menu, then enter your current password before creating a new one.
The process is broadly similar in the mobile app version of Twitter. Tap your Account icon then Settings and Privacy.
Next, tap Account > Login and Security > Change Password.
How to Create a Secure Password
So, you've made it as far as changing your Twitter password – that's a good start. But how do you make sure that your new one is secure?
The theory behind the perfect password keeps on evolving. The good news is that the general consensus is no longer that you need to create a convoluted mess of upper and lower case characters, symbols and numbers. Instead, stick to a few core password security mantras:
- DO use unique passwords for every service you use. Otherwise, if one is ever breached, and you re-use that password and email address combination elsewhere, you're at serious risk.
- DO create a long password. The most secure type is a long combination of words put together as one phrase – for instance, “iwishihadabetterpassword”. Don't use that example, though!
- DON'T pick one of the “classics”. They're not smart, they can be guessed, and the days of “12345”, “passwd”, “mypassword” and “qwerty” need to be consigned to history, fast.
- DON'T delay, particularly in the case of the Twitter password issue. Change your password for this service straight away, and have a good hard think about how many other accounts you may have used this same password on.
- DO consider a Password Manager. They're easier to use than you may assume, and the likes of DashLane and LastPass can safely generate unique and secure passwords for all of the sites and services you use. Best of all? They'll remember all your passwords, so you won't have to.
For more, see our guide on how to create a secure password to protect your accounts.