In this article you will learn how to protect your Twitter account from hackers. We will cover everything from very basic techniques, such as the importance of a strong password, to advanced protection with two-factor authentication. We will also explore certain aspects of social engineering attacks. Do not worry, it is not as hard as it sounds! Twitter makes it really simple to set these things up.
One of the reasons I thought about writing this article is the recent Twitter hack. Hackers got hold of major Twitter accounts, such as those of former US President Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West, Michael Bloomberg and Apple, just to name a few. The hackers then used these accounts to promote a fake bitcoin giveaway, and people nearly lost $120,000 in the process.
You would be surprised to know how the hackers were able to pull this off. Look at this tweet by Twitter's official support handle.
Basically, the hackers tricked Twitter employees who had access to critical internal tools into giving up confidential access-related information. In such a case there is nothing you could have done from your end to secure your account. But the reason I am mentioning this incident here is that if an employee of Twitter can fall prey to hackers, so can you. It is far too easy for hackers to breach your account, and all the hard work and time you have put into growing your Twitter account can be put in jeopardy at the snap of a finger.
In this article I will discuss all the ways in which you can secure your Twitter account from your end. Let's begin.
Choose A Strong Password
I know you have heard this a lot before, but I am going to be the guy to tell you that having a strong password should be your first priority. This is your first line of defense against intruders.
A weak password can be cracked with simple brute-force techniques in a matter of seconds.
So I recommend that you always use strong passwords by following the guidelines shown on the right-hand side (or below, for mobile users).
I also recommend that you use a password manager app, such as Google Password Manager, to generate and store your passwords securely.
Change your password regularly
Just having a strong password is not enough. It is also strongly recommended that you change your password every 90 days. This ensures that:
- Access from older devices that you logged in on and forgot to sign out of is blocked.
- Continued access to your account is cut off if your account has been breached without your knowledge.
Do not use the same password across all websites
People find it cumbersome to remember a separate password for each website they visit. But using one password across all websites can be catastrophic: if that password leaks from any one site, all of your other accounts become vulnerable too.
As mentioned earlier, use a password manager app to manage your passwords effectively and choose a separate password for each website.
Two-factor authentication, also known as "two-step" authentication or 2FA for short, is a second layer of security that protects your account (in this case your Twitter account) against intruders.
Let's say your password is breached somehow. With two-factor authentication enabled, the hacker now needs to get through one more layer of security in order to access your account.
Twitter provides three ways to configure two-factor authentication for your account. To set it up, log in to your Twitter account and navigate to Settings -> Account -> Security -> Two-factor authentication. You will see the options below.
1. Text message-based two-factor authentication
In this method the second layer of security asks for a login code that is sent to the configured phone number.
FYI: the first layer of security is your username and password.
To configure it, click on the checkbox next to the "Text message" option. It will present you with a guided flow to set up text message (SMS) based 2FA.
It will ask you to enter your current password, to confirm that it really is you who is setting up the 2FA.
Next, it will present you with the screen below. When you click on Send code, it will send a Twitter login code to your configured phone number.
Enter the login code and click on Next.
To test the setup:
- Open an incognito window in your browser and log in to your Twitter account.
- After you enter your email and password, you will be presented with another dialog box like the one below.
- By this time you will have received an SMS with a Twitter login code on your phone. Enter the code and hit Log in.
If for some reason you do not receive the text message, you can use a backup code to log in.
- Click on "Choose a different two-factor authentication method" to choose another way to log in.
- It will present you with all the other available second-layer authentication methods.
- At the moment you will have only two options: Text message and Backup code.
- Choose the Backup code option, enter the backup code and hit Log in.
Text message-based two-factor authentication is an effective way to keep intruders at bay, but it still has some nuances and loopholes.
Undelivered Text Message
SIM Swap Fraud
Using various phishing and social engineering techniques, an intruder can get a duplicate SIM card for your phone number issued to them, receive your Twitter login code, and thus compromise the security of your account.
Malicious Apps on your mobile
2. Authentication app-based two-factor authentication
In this method, the second layer of security asks for a login code that is generated by an authenticator app installed on your mobile.
This option can be enabled regardless of whether text message-based 2FA is enabled or not.
Authentication app-based two-factor authentication is more secure than the text message-based setup, as it eliminates the limitations above: the code is generated on your phone and is never sent over the mobile network.
Before you set it up, you need to install an authenticator app on your mobile. I recommend Google Authenticator.
Click on the checkbox next to "Authentication app". It will present you with a guided workflow to set up authentication app-based 2FA.
In the first step you will see a QR code. Now open the Google Authenticator app on your mobile and scan the QR code.
In the authenticator app on your phone you will see a new entry with a code displayed for your Twitter account and a timer ticking. The code is refreshed each time the timer resets.
Click Next on the QR code screen, and it will present you with the screen below.
Enter the code from the authenticator app and click on Verify.
That is it. You have configured authentication app-based two-factor authentication successfully.
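The ticking timer and refreshing code you see in the authenticator app is the TOTP algorithm (RFC 6238): the QR code carries a shared secret, and both your phone and Twitter's servers derive a six-digit code from that secret and the current 30-second time step, so no code ever travels over the mobile network. The Python script below is an added example, not code from this article, from Twitter or from Google; it generates and verifies such codes (with a one-step tolerance for clock drift), builds the otpauth:// URI that a setup QR code encodes, and checks itself against the published RFC 6238 test secret. The issuer and account names in it are placeholders.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional
from urllib.parse import quote

# Secret from the RFC 6238 test vectors (ASCII "12345678901234567890").
# Used only to check this implementation; real secrets come from
# generate_secret() and reach the phone via the QR code.
RFC6238_TEST_SECRET = base64.b32encode(b"12345678901234567890").decode()


def generate_secret(nbytes: int = 20) -> str:
    """Random shared secret, base32-encoded as authenticator apps expect."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode().rstrip("=")


def provisioning_uri(secret_b32: str, account: str, issuer: str = "Twitter") -> str:
    """The otpauth:// URI that the setup QR code encodes (issuer/account are placeholders)."""
    label = f"{quote(issuer)}:{quote(account)}"
    return f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}&digits=6&period=30"


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the counter, dynamically truncated to `digits` digits."""
    padded = secret_b32 + "=" * (-len(secret_b32) % 8)  # restore any stripped base32 padding
    key = base64.b32decode(padded, casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP whose counter is the number of `step`-second intervals since the epoch."""
    if at is None:
        at = time.time()
    return hotp(secret_b32, int(at) // step, digits)


def verify_totp(secret_b32: str, code: str, at: Optional[float] = None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Server-side check: accept the code for the current step and `window` steps either side."""
    if len(code) != digits or not code.isdigit():
        return False
    if at is None:
        at = time.time()
    current = int(at) // step
    for counter in range(current - window, current + window + 1):
        # Constant-time comparison so the check does not leak how many digits matched.
        if hmac.compare_digest(hotp(secret_b32, counter, digits), code):
            return True
    return False


if __name__ == "__main__":
    secret = generate_secret()
    print("Encode this in the QR code:", provisioning_uri(secret, "you@example.com"))
    code = totp(secret)
    print("Code right now:", code, "-> accepted:", verify_totp(secret, code))
```

The `window` of one step on the server side is why a code still works for a few seconds after the timer resets on your phone; it also means a stolen code is only useful for about a minute, which is the property that makes the app-based method stronger than a password alone.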
This method has limitations of its own. You will lose access to your login codes:
- If you lose the phone on which the authenticator app is set up
- If you delete the authenticator app by mistake
- If you delete the Twitter account entry in your authenticator app
You are also relying on a third-party app like Google Authenticator.
3. Security key-based two-factor authentication
In this method, the second layer of security is provided by a physical security key that you plug into your computer's USB port.
In order to enable this, either text message or authentication app-based 2FA needs to be activated already.
Prerequisite: You need a USB security key (a dedicated hardware key, not an ordinary flash drive).
How to Get Backup Code for Twitter 2FA
Whether you have set up text message or authentication app-based two-factor authentication, or both, you need to get a copy of the backup codes and store them safely.
Backup codes can be used when you cannot use any other 2FA method to log in. Do not skip this step at any cost, and remember that backup codes are single-use only.
Once you use a backup code, get the next set of backup codes by going to Settings -> Account -> Security -> Two-factor authentication -> Additional Methods -> Backup codes.
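Backup codes are single-use because the service keeps only a hash of each code and deletes that hash the moment the code is redeemed, which is also why you must fetch a fresh set once you have used one. The Python class below is an added example, not Twitter's code: it issues a set of random codes, stores only salted PBKDF2 hashes of them, accepts each code exactly once using a constant-time comparison, and invalidates every old code when a new set is generated. The code length, count and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from typing import List

# Lower-case letters and digits without look-alike characters (0/o, 1/l, i).
CODE_ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"


class BackupCodeStore:
    """Server-side store for one user's backup codes; it holds hashes only, never the codes."""

    def __init__(self, iterations: int = 100_000):
        self.iterations = iterations            # PBKDF2 work factor (assumed value)
        self.salt = secrets.token_bytes(16)
        self.hashes: List[bytes] = []

    def _hash(self, code: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", code.encode(), self.salt, self.iterations)

    @staticmethod
    def _normalise(code: str) -> str:
        # Tolerate the dashes, spaces and capitals a user may type when copying a code.
        return code.strip().lower().replace("-", "").replace(" ", "")

    def issue(self, count: int = 10, length: int = 12) -> List[str]:
        """Create a fresh set of codes; any previously issued codes stop working."""
        codes = ["".join(secrets.choice(CODE_ALPHABET) for _ in range(length))
                 for _ in range(count)]
        self.salt = secrets.token_bytes(16)      # new salt, so old hashes can never match again
        self.hashes = [self._hash(c) for c in codes]
        # The plaintext codes are shown to the user once, grouped in fours for readability.
        return ["-".join(c[i:i + 4] for i in range(0, length, 4)) for c in codes]

    def redeem(self, code: str) -> bool:
        """Accept a valid code exactly once; a second use of the same code fails."""
        candidate = self._hash(self._normalise(code))
        for index, stored in enumerate(self.hashes):
            if hmac.compare_digest(stored, candidate):
                del self.hashes[index]           # single-use: forget the hash on success
                return True
        return False

    def remaining(self) -> int:
        return len(self.hashes)


if __name__ == "__main__":
    store = BackupCodeStore()
    codes = store.issue()
    print("Save these somewhere safe:", *codes, sep="\n  ")
    print("First use accepted:", store.redeem(codes[0]))
    print("Second use accepted:", store.redeem(codes[0]))
    print("Codes left:", store.remaining())
```

Because the store keeps hashes rather than the codes themselves, someone who reads the user database still cannot log in with a backup code, and because each hash is deleted on use, a code that leaks after you have redeemed it is worthless.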
Allow only trusted third-party apps
There are times when you want to use third-party apps and you log in to them using your Twitter credentials. When you do that you are basically allowing (granting access to) those apps to tweet on your behalf and do a lot of other things.
For example, I use the Hypefury app to schedule my tweets. When I want to log in to Hypefury it uses Twitter's authorization server. Do not worry about what an authorization server is. The point is that Hypefury needs Twitter's and your permission to tweet on your behalf.
Side Note: I love Hypefury
Hypefury is an app that I often use to schedule my tweets, which saves me a ton of time. It lets me engage with my followers effectively. If you are serious about Twitter, this app is a must. Check it out by signing up for a free trial.
When you click on Sign in with Twitter you are presented with a screen to enter your Twitter credentials. It also lists which permissions you grant to Hypefury by logging in.
In your Twitter account you can check all the third-party apps to which you have given permission to act on your behalf by going to Account -> Data and permissions -> Apps and sessions.
Below I see Hypefury, but I can also see six other apps to which I have given permission.
I no longer need the "Audit and Block Fake Followers" app. So what I can do is click on the app and revoke access. After I do that, this app will no longer have access to my Twitter account.
You should regularly check for apps that have access to your account and revoke access from unnecessary apps. And in the first place, never authorize any suspicious apps.
Why is this important?
Imagine an app goes rogue, or that third-party app somehow gets compromised. Because the app holds permission to tweet, retweet, follow and unfollow on your behalf, the hackers can now do all of that with your Twitter account, without ever needing your password or your 2FA code.
From the technology point of view, we have secured your account by taking all the necessary precautions. But there is one other way hackers will still try to steal your credentials. Yes, it is social engineering tactics.
According to Wikipedia, social engineering is the psychological manipulation of people into performing actions or divulging confidential information.
Yes, it is the same tactic that was used by hackers to trick Twitter employees into revealing confidential information, which led to a massive breach.
Social engineering is by far one of the most successful attacks. You won't believe how many people fall for these tactics day in and day out.
These are some strict guidelines:
- Never share your password with anyone
- Never share your Twitter login code
- Never leave your phone unattended
- Keep your security key safe, if you use the security key method of 2FA
Always remember this: no matter what, never share your credentials with anyone. I repeat, no matter what! Even if Twitter CEO Jack Dorsey comes and asks for your credentials, the answer is still a BIG NO!
We have covered a lot of ground here and it is time to conclude. I urge you to secure your account today:
- By setting a strong password
- By setting up at least one of the two-factor authentication methods
- By using only legitimate third-party apps and revoking access when an app is no longer needed
- And last but not least, by NOT SHARING YOUR CREDENTIALS WITH ANYONE
I am sure these guidelines will help you protect your Twitter account from hackers. Let me know in the comments below if I missed anything that you would like to know about.
I would love for you to join me on Twitter. I often tweet about Twitter growth hacks and affiliate marketing tips.