Skip to main content

You may have heard the recent news that Twitter discovered a bug that stored passwords “unmasked” in an internal log. What does this mean? If you are a Twitter user, your password could be exposed. Twitter says that there are no signs of a breach or misuse by anyone currently, but it’s still a good idea to change your password. Did you use the same password for other accounts? Change those, too.

Here are some tips on creating passwords:

  • Make your password long, strong and complex. That means at least twelve characters, with upper- and lowercase letters, numbers, and symbols. Avoid common words, phrases or information.
  • Don’t reuse passwords used on other accounts. Use different passwords for different accounts so that, if a hacker compromises one account, he can’t access other accounts.
  • Use multi-factor authentication, when available. For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in. The second piece could be a code sent to your phone, or a random number generated by an app or token. This protects your account even if your password is compromised.
  • Consider a password manager. Most people have trouble keeping track of all their passwords. Consider storing your passwords and security questions in a reputable password manager, an easy-to-access application that stores all your password information. Use a strong password to secure the information in your password manager.
  • Select security questions only you know the answer to. Many security questions ask for answers to information available in public records or online, like your zip code, mother’s maiden name, and birth place. That is information a motivated attacker can get. And don’t use questions with a limited number of responses that attackers can easily guess – like the color of your first car.
  • Change passwords quickly if there's a breach. If you get a notification from a company about a possible breach, change the password for that account right away, and any other account that uses a similar password.

For more information on keeping your information secure, check out our article on Computer Security.

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

May 07, 2018
This process fails to include NOT using full words, company names or abbreviations or other PII easy access terms / names of the individual.
May 08, 2018
I try and pass your information to Facebook but Facebook keeps stating bad or incorrect URL. I have always passed before. Now I cannot
May 08, 2018
Yes, I did
May 08, 2018
Will come up with a really crazy password.
May 08, 2018
The suggestion to change passwords on Twitter accounts may be moot. The spies hacking scan using other more disturbing methods to covertly steal your passwords. Please check the cognitive security offices networks. I am sure they are compromised networks. I still cannot figure how CHINA ended up owning FEDERALCOURTS.COM A TOP LEVEL DOMAIN, PREVIOUSLY OWNED BY U.S. INTERESTS. YES, change passwords, but the method to steal passwords is more sophisticated than that. Game Theory is one method used to steal atomically. The agents play by hacking memory. Espionage, not intelligence has permeated networks.
May 09, 2018
If you use twitter, please read this from the FTC.
May 09, 2018

In reply to by MilamRealtor

Don't know if I have Twitter acct. or not. How to find out?
May 10, 2018
June 05, 2018
No need for me to change mine, no one could ever guess my super ultra secret password!
dece3Don't use…
December 14, 2018
how to change password ?