There have been several instances of Twitter accounts being hacked in the past few months. Cyber criminals usually target Twitter accounts with a large number of followers, using stolen credentials and scam links.
In addition to the potential misuse of private information for financial gain, hacktivist campaigns also allow attackers to leak Twitter user account information and upload email content, database dumps, and other sensitive information through Twitter handles.
In response, the Indian Computer Emergency Response Team (CERT-IN) has published a list of actions users can take to ensure their accounts are not hacked.
The following best practices are recommended to secure Twitter accounts:
1. Use a strong account-specific password – Create a long and strong password specifically for Twitter and make sure that password is not used elsewhere. A secure password contains uppercase letters, lowercase letters, numbers and symbols. Password management software can be used to keep all your login information safe. A password should not contain personal information (phone number, date of birth, etc.), common dictionary words or sequences (1234, abcd, etc.).
2. Use Two-Factor Authentication – Two-factor authentication is an extra layer of security for a Twitter account. A security code or security key can be used in addition to a password to increase authentication security. A Twitter user can enable this feature in the security settings. After this feature is enabled, a user will need a password and a secondary sign-in method, either a passcode, sign-in verification via an app, or a physical security key, to sign in to the Twitter account.
3. Beware of phishing – Attackers attempt to access private information through tweets, emails and direct messages on Twitter. Beware of suspicious links and always be careful when entering credentials.
4. Beware of Social Engineering Techniques – Never give out usernames and passwords to anyone, especially those promising to gain followers or financial benefits.
5. Use Twitter on secure devices – Make sure Twitter is accessed from secure devices (computers, mobile phones, tablets, etc.) that are updated with the latest software upgrades and antivirus software.
6. Check notifications from Twitter – When a user logs into a Twitter account from a new device for the first time, Twitter will send a push notification or email to the user as an additional layer of security for the account. Each time the email address associated with the Twitter account is changed, Twitter will send a notification to the previously used account email address. In the event of an account compromise, these alerts help the user take steps to regain control of the account.
7. Use third-party applications with caution – There are many third-party applications that use Twitter accounts to log in. A user should be cautious before allowing third-party applications to access their account. It is advisable to monitor the applications that have access to the user’s Twitter account. A user can revoke access for applications that they do not recognize or that are tweeting on their behalf by going to the Applications tab in Account Settings.
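
The password rules in item 1 can be turned into an automated check. The following is an added example, not code from CERT-IN or Twitter; the 12-character minimum, the short word list and the sample passwords are assumptions made for this example, since the advisory only says "long".

```python
import re

MIN_LENGTH = 12  # assumption: the advisory says "long" without giving a number
# Constructed sample list; a real check would load a full wordlist.
COMMON_WORDS = {"password", "twitter", "welcome", "qwerty", "letmein", "admin"}
CLASSES = {
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}

def _alnum(text):
    """Lowercase and drop separators so '1990-05-17' matches '19900517'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def has_sequence(pw, run=4):
    """True if pw holds `run` ascending or descending characters (1234, abcd, dcba)."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}):
            return True
    return False

def check_password(pw, personal_info=()):
    """Return the rules from item 1 that pw breaks; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            problems.append(f"missing {name}")
    flat = _alnum(pw)
    tokens = [_alnum(item) for item in personal_info]
    if any(len(t) >= 3 and t in flat for t in tokens):
        problems.append("contains personal information")
    if any(word in pw.lower() for word in COMMON_WORDS):
        problems.append("contains a common dictionary word")
    if has_sequence(pw):
        problems.append("contains a sequence")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_password("abcd1234"))
    print(check_password("Asha19900517!x", personal_info=("Asha", "1990-05-17")))
    print(check_password("r7#Vq!mZ2&kLw9"))
```

Passing this check does not show that a password is unique to Twitter; reuse across sites has to be avoided separately, for example with a password manager as item 1 suggests.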