How to change your Twitter password
Twitter revealed on May 3, 2018 that the company stored user passwords in plain text for a considerable amount of time. The company patched the issue and investigated potential breaches but concluded that there was "no indication of breach or misuse by anyone".
User passwords were "written to an internal log before completing the hashing process". While Twitter's investigation did not find indicators for abuse, it recommends that all Twitter users change account passwords and implement additional security protections if not activated already on the account.
This guide walks you through the steps of changing the Twitter account password. It furthermore points to additional security protections that you may want to enable on the account to improve security significantly.
Change the Twitter password
Complete the following steps to change your Twitter account password:
- Load https://twitter.com/settings/account directly. The page lets you change the Twitter account password directly.
- You can go to the page manually as well if you prefer that.
- Open the main Twitter website.
- Click on the account icon in the upper right corner next to Tweet, and select "Settings and privacy" from the menu.
- On the page that opens, select Password listed in the sidebar.
- Type or paste your old account password and twice the new password that you want to use from that moment on.
- Select "save changes" to apply the change.
Twitter checks if apps are linked to the account and suggests to review the applications. It is recommended that you do so as you may want to revoke access to any application which you don't use anymore.
While changing the password is all that is required to protect the account from potential abuse of Twitter's faux pas, you may want to consider enabling login verification on top of that.
Login verification is a two-factor authentication scheme that adds a second verification step to the login on Twitter.
Note: Twitter sends SMS with codes to your phone when you sign in and you need to type the code to authenticate. It is required that you link the Twitter account to a phone because of that.
Here is how you enable the option:
- Load https://twitter.com/settings/account in the browser's address bar.
- Select "set up login verification" under Security on the page that opens.
- Skip the introductory page.
- Type the account password.
- Add a phone number by selecting the country and typing the phone number.
- Select "send code" to test the phone number and make sure it is correct.
- Type the verification code that Twitter sent to the phone.
- Select "get backup code". You may use these codes in case your phone is lost or that you don't have access to the phone anymore.
- Store the backup code in a secure location, e.g. password manager.
When you sign in to Twitter after setting up login verification, you start the process as usual but are asked to enter the code sent to your mobile phone in a second login verification step.
Now You: Do you use Twitter actively?