You may have heard the recent news that Twitter discovered a bug that stored passwords “unmasked” in an internal log. What does this mean? If you are a Twitter user, your password could be exposed. Twitter says that there are no signs of a breach or misuse by anyone currently, but it’s still a good idea to change your password. Did you use the same password for other accounts? Change those, too.
Here are some tips on creating passwords:
- Make your password long, strong and complex. That means at least twelve characters, with upper- and lowercase letters, numbers, and symbols. Avoid common words, phrases or information.
- Don’t reuse passwords used on other accounts. Use different passwords for different accounts so that, if a hacker compromises one account, he can’t access other accounts.
- Use multi-factor authentication, when available. For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in. The second piece could be a code sent to your phone, or a random number generated by an app or token. This protects your account even if your password is compromised.
- Consider a password manager. Most people have trouble keeping track of all their passwords. Consider storing your passwords and security questions in a reputable password manager, an easy-to-access application that stores all your password information. Use a strong password to secure the information in your password manager.
- Select security questions only you know the answer to. Many security questions ask for answers to information available in public records or online, like your zip code, mother’s maiden name, and birth place. That is information a motivated attacker can get. And don’t use questions with a limited number of responses that attackers can easily guess – like the color of your first car.
- Change passwords quickly if there's a breach. If you get a notification from a company about a possible breach, change the password for that account right away, and any other account that uses a similar password.
For more information on keeping your information secure, check out our article on Computer Security.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.