Twitter has just revealed that it committed a monumental security error by exposing users' passwords in plain text. The company says there have been no signs of a security breach linked to the registry that contained those login credentials, but make no mistake. It is 2018. You must change your password, on Twitter and with any other account where you have repeated that password, and protect your Twitter account immediately. The full scope of what happened here is still unclear (or how many users were directly affected), but there is no problem in taking immediate action.
Change your Twitter password
On the web : go to Twitter.com click on your profile picture in the upper right corner, choose Settings and privacy and then when the next page loads, select Password from the list on the left side. Twitter will ask for your current password and then the new one. Use a strong and unique password. And never repeat them among multiple services, applications and online accounts.
From the mobile app : Tap your profile picture in the upper left corner and choose Settings and privacy. Then Account followed by Change password . Again, make sure your new password is used exclusively for your Twitter account.
Enable verification of login (two-factor authentication)
A single password is not enough as a wall between you and people with technical intelligence and bad intentions. In addition to changing your Twitter password, blocking your account to the maximum extent possible requires enabling the company's login verification feature .
This two-factor authentication process can send a code to your mobile phone number each time a new device tries to log in to your account with the correct password. Or you can generate your own code within a third-party application created for that specific purpose, such as Authy. The last approach is more secure since the SMS itself can be compromised.
Activation of verification of login from the web:
- Click on its icon then click on Configuration and privacy .
- Choose Account and then Configure login verification . On your mobile, there is an additional step here where you should touch on the section Security under Settings and privacy.
- Read the general information instructions, then click Start .  Enter your password and click Verify .
- Click Send code to add your phone number if that is the verification method you want.
- Enter the verification code sent to your phone, press Send and the login verification will be enabled.
Using a third-party application to generate secure login codes:
- Click or tap its profile icon then click on Settings and privacy .
- Choose tab Account .
- In Security and next to Verification of login click Check your login verification method to get started.
- Enter your password and click Confirm .
- Search Mobile Security Application and should see a Configure next.
- Read the instructions and then press Start .
- Verify your password if requested.
- Next, it will display a QR code that will scan with the application that will generate your Twitter login code. Once this is done, you should see that the application automatically generates a code of six digits. The code changes every 30 seconds.
- Enter the currently active code in the text field Security code and click Done .
What applications should I use to generate login codes?
Some password managers, including 1Password, offer built-in code generators for two-factor authentication. Other applications designed specifically for two factor codes include:
Authy (iOS / Android)
Google Authenticator (iOS / Android)
Microsoft Authenticator (iOS / Android)
LastPass Authenticator (iOS / Android)