So, you’ve read our very own Shane Ryan’s story about being hacked on Twitter. Shane’s experience is far from a nice tale, and proof that even employing multitudes of common sense, the best defense against many cyber attacks (don’t click suspicious links!), is often not enough. What can you do to reduce the chances of being hacked? We’ve got some handy advice on how to keep your Twitter account locked down.
It’s the simplest thing to do but one of the most important. Log in to your Twitter account, go to Settings and privacy, click the Account tab and scroll down to Security. Hit the Verify login requests box and you can have a SMS message sent to your phone number any time there’s a log in attempt on a new device. It’s not completely fool proof, as The Verge noted yesterday in its feature on two-step verification, but it’s the best line of defense Twitter currently offers. It’s also something that’s available for most other services you use from Gmail to PSN, so you should set it up everywhere you can.
If you’ve just been hacked, one of the first things Twitter suggests is resetting your password. This requires access to your email account that’s linked to your Twitter profile. Obviously, if your email address has been compromised too, that’s no help, but in many cases a simple password reset will restore your access. Make sure you use an email address you always have instant access to, such as one that you check on your phone regularly.
Ideally, you want your password to be something so convoluted that you struggle to remember what it is. That’s where using a password manager app like LastPass or 1Password comes in handy. Set it up and you’ll never have to remember a password again. Even better, it’ll come up with more powerful suggestions than you could possibly imagine. Change your password frequently for additional protection. Never use the same password for more than one service, and never share it with anyone.
Twitter has an option where it requires personal information to reset your password. It’s switched off by default, but you should definitely turn it on. By doing so, you’ll be asked to verify your phone number before you can request a password reset with just your email address. While it’s possible a hacker could know your phone number, in the event they don’t, they won’t get any further than resetting your password.
Go to Twitter Settings and scroll down to Apps. Odds are that plenty of apps have access to your Twitter account. It’s likely that you hardly use many of these. How many times have you briefly tried a new Twitter app then uninstalled it moments later? You need to remember to Revoke their access from within Twitter. If that app or website is compromised, your Twitter account can be compromised alongside it. It’s the classic reason behind why you’ll sometimes see people post unusual links before deleting them promptly. It’s because their account has been briefly accessed through a vulnerable app they used a while back. Clean it all up and stick to only the apps you’re confident about.