Twitter Reinforces Password Security Process

In a post-Heartbleed world, you can never be safe enough.

At least, that seems to be the mantra these days at Twitter, which was undeniably one of the larger companies affected by the bug that started taking no prisoners in mid-April and continues to plague smaller servers nearly a month after it was first discovered.



The micro-blogging service has now announced its new password reset function, which offers a fresh set of choices to users trying to regain access to an account that might have been hacked or that they have lost access to for one reason or another.

The new service lets you choose whether to have your password reset information sent to the recovery phone number on the account or to the email address you originally signed up with.

“The new process lets you choose the email address or phone number associated with your account where you’d like us to send your reset information. That way, whether you’ve recently changed your phone number, or are traveling with limited access to your devices, or had an old email address connected to your Twitter account, you’ve got options. We’ve also made it easier to reset a lost password on your iOS or Android device and have added some customized tips to help you strengthen your account security in the future.”

Services like Google and Yahoo have both offered a similar level of security for their email clients, allowing users to establish multiple backup emails and phone numbers that can be called upon in case a user loses contact with their account in any number of possible scenarios.

Twitter will also be instating a new way to detect whether the person attempting to use your login is actually you. It will record IP addresses and cross-reference reliable data against anomalies, such as a login attempt from halfway around the world that does not come from the computer or phone you normally use to access the service.

They also linked to a previous blog post, written in mid-February, which lists the many ways users can make sure their passwords never fall into the wrong hands, whether through brute-force cracking or otherwise.

Some of these steps include standard advice you’d expect from anyone involved with keeping user data safe, but it’s still useful information to stick by nonetheless:

  • Use a strong password.
  • Watch out for suspicious links, and always make sure you’re on before you enter your login information.
  • Don’t give your username and password out to unknown third parties, especially those promising to get you followers or make you money.
  • Make sure your computer and operating system are up to date with the most recent patches, upgrades, and anti-virus software.

Although we’ve just spent the past day or so thoroughly debunking that last idea (read more: “Symantec Declares Anti-Virus Dead”), the first three are valuable tips that any user should follow, not only for their Twitter passwords but for all the credentials they use to log in to their favorite online services.