Twitter accounts are juicy targets for scammers and malware distributors. Once someone compromises your Twitter account, they can send out tweets with links to scams and malware, bombarding your followers with their junk. Strengthen your Twitter account’s security and prevent it from being used to attack your followers with these tips.
Twitter has improved security over time by enabling HTTPS for everyone (you can’t even opt out of it anymore), but there are still many things you can do to secure your Twitter account. Unfortunately, Twitter doesn’t yet offer two-factor authentication.
Manage Third-Party Apps
When you allow a third-party application to access your Twitter account, Twitter remembers this and always allows the application to connect in the future. You should select the third-party applications you use carefully – some applications request permission to send tweets and direct messages. If the application is malicious or becomes compromised in the future, it could use your Twitter account to send out spam messages.
To manage the applications allowed access to your account, click the Apps tab on the settings page. Use the Revoke access button to disable access for applications you no longer use.
Don’t Reuse Passwords
The standard advice to use a strong password still applies, but it’s important that you don’t reuse passwords. If you use the same password for your Twitter account as you do for other services, it’s possible that a security leak at another service could expose your password and give malicious people access to your account. This isn’t just a theoretical problem – there has been a long string of password leaks at websites as big as Yahoo!, LinkedIn, and eHarmony. Many people have had accounts at various websites stolen because they reused a password that became public knowledge.
You can change your Twitter password from the Password page in Twitter’s account settings.
To help manage all these unique passwords and simplify your life, decide on a password management strategy.
Use a URL Expander
Twitter’s character restrictions mean that many people use URL shorteners like bit.ly to share URLs. Instead of seeing a link like http://badwebsite.biz/scam, you’ll see something like http://bit.ly/ABcd. You won’t find out where the link goes before you click it.
You can use a URL expander to “unshorten” these short URLs, revealing the full address they go to without first clicking the link. There are two different types of URL expanders you can use – a web-based one that allows you to copy-paste links into a web page or a browser extension that automatically unshortens links on Twitter after you install it.
LongURL is a good web-based URL expander. For more options, read: Reveal Where Short Links Really Go To With These URL Expanders
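What a URL expander does under the hood, as an added example that is not part of the original article: it reads only the redirect headers, hop by hop, and never loads the destination page. This sketch targets Node.js; `expandUrl`, `defaultHead` and the redirect table are hypothetical names and constructed data.

```javascript
// Added example: expand a short link by reading redirect headers only.
// `head` is an injectable function (url) => Promise<{status, location}>.
// The default uses Node's fetch() with redirect: "manual", so the
// destination page body is never requested or rendered.
async function defaultHead(url) {
  const res = await fetch(url, { method: "HEAD", redirect: "manual" });
  return { status: res.status, location: res.headers.get("location") };
}

async function expandUrl(shortUrl, head = defaultHead, maxHops = 10) {
  const chain = [new URL(shortUrl).href];
  let current = chain[0];
  for (let hop = 0; hop < maxHops; hop++) {
    const { status, location } = await head(current);
    const isRedirect = status >= 300 && status < 400 && location;
    if (!isRedirect) return { finalUrl: current, chain, complete: true };
    // Location may be relative, so resolve it against the current URL.
    const next = new URL(location, current);
    if (!/^https?:$/.test(next.protocol)) {
      return { finalUrl: current, chain, complete: false, reason: "non-http redirect" };
    }
    if (chain.includes(next.href)) {
      return { finalUrl: current, chain, complete: false, reason: "redirect loop" };
    }
    chain.push(next.href);
    current = next.href;
  }
  return { finalUrl: current, chain, complete: false, reason: "too many hops" };
}

// Constructed redirect table standing in for the network (not real data).
const SAMPLE_REDIRECTS = {
  "http://bit.ly/ABcd": { status: 301, location: "http://t.example/r?id=1" },
  "http://t.example/r?id=1": { status: 302, location: "http://badwebsite.biz/scam" },
  "http://badwebsite.biz/scam": { status: 200, location: null },
};
const sampleHead = async (url) =>
  SAMPLE_REDIRECTS[url] ?? { status: 404, location: null };

// Offline demo: resolves the short link against the constructed table.
async function demo() {
  return expandUrl("http://bit.ly/ABcd", sampleHead);
}
```

The returned `chain` lists every intermediate hop, which matters because a short link often passes through more than one redirector before reaching its real destination.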
You should access Twitter by typing twitter.com into your address bar or using a bookmark instead of clicking links on other web pages. Make sure your address bar says twitter.com, not something sneaky like twitter.com.ru.
(Yes, we have links to Twitter’s various settings pages in this article to help you out — but trust no one online. Check your address bar and make sure you actually end up at twitter.com after you click them; it’s good practice.)
If you unexpectedly see a Twitter login page after clicking a link on Twitter – or anywhere else on the web – don’t just type your password in. Check that you’re actually on twitter.com.
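The address-bar check described above, written out as an added example that is not part of the original article: the host is taken from the parsed URL and compared label by label, so look-alikes such as twitter.com.ru fail. The function name, the sample links and the choice to accept subdomains of twitter.com are assumptions of this sketch.

```javascript
// Added example (Node.js or browser): is this link really on twitter.com?
// Accepting subdomains of twitter.com is an assumption of this sketch.
const TRUSTED_DOMAIN = "twitter.com";

function checkTwitterLink(link) {
  let url;
  try {
    url = new URL(link); // the same WHATWG parser the browser uses
  } catch {
    return { trusted: false, host: null, reason: "not a valid absolute URL" };
  }
  // The parser lower-cases the host and converts non-ASCII labels to
  // punycode (xn--...). Drop a trailing dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  if (url.protocol !== "https:") {
    return { trusted: false, host, reason: "not HTTPS" };
  }
  // Compare whole labels from the right: "twitter.com.ru" and
  // "nottwitter.com" must fail, "mobile.twitter.com" may pass.
  const onDomain =
    host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN);
  if (!onDomain) {
    return { trusted: false, host, reason: "host is not twitter.com" };
  }
  return { trusted: true, host, reason: "host matches twitter.com" };
}

// Constructed sample links (not taken from real traffic).
const SAMPLE_LINKS = [
  "https://twitter.com/settings/account",
  "https://mobile.twitter.com/login",
  "https://twitter.com.ru/login",
  "https://twitter.com@badwebsite.biz/login", // text before "@" is userinfo
  "https://nottwitter.com/login",
  "http://twitter.com/login",
  "https://tw\u0456tter.com/login", // Cyrillic look-alike letter
  "twitter.com/login", // no scheme, so not an absolute URL
];

function classifySamples() {
  return SAMPLE_LINKS.map((link) => ({ link, ...checkTwitterLink(link) }));
}
```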
Restrict Password Resets
Twitter allows anyone to initiate a password reset for your account by simply entering your @username. You’ll receive a password reset email if this occurs. If you accidentally click the link in the email, your password will be reset. To lock down this feature – particularly useful if you’re receiving password reset emails other people are initiating – open your Twitter account settings page.
Scroll down to the bottom of the page and enable the Require personal information to reset my password checkbox to the right of Password reset. You’ll have to enter your email address or phone number to initiate a password reset.
Improve Your Browser & Computer Security
Assuming you’re accessing Twitter from a web browser on your computer, improving your browser’s security will allow you to click links in tweets without worry. Here are the things you can do:
- Keep your browser up-to-date. New browsers are set to automatically update themselves these days, so you should be good as long as you’re not using Internet Explorer 6 or disabling these automatic updates.
- Ensure your browser plug-ins are completely up-to-date. You can check your installed plugins here. Consider uninstalling plugins you never use, like the Java plug-in.
- Use an antivirus. If you don’t have an antivirus installed on your computer, you can download some great ones for free (but make sure you only install one!).
- Update your operating system regularly. Set Windows Update to install updates automatically – or at least alert you to new updates – if you’re using Windows.
Lend a Helping Hand
If you ever see a friend send out a scammy-looking tweet or direct message, contact them and let them know their account has been compromised.
Whether it’s your friend’s account or your account, follow Twitter’s instructions for recovering from a compromised account: change your password, revoke connections to third-party apps, and add the new password to the Twitter apps you use.
Have you ever had your Twitter account compromised? Do you have any other tips to secure your Twitter account? Chime in in the comments!