Twitter has around 300 million active users every month, 46% of whom are on the platform on a daily basis, exchanging 500 million tweets every day. Those are some statistics for you! Now let’s put them in context. How many of those 500 million daily messages do you think contain some form of malware? And how many of those 300 million users do you think might have malicious intentions aimed at you or other Twitter users? We are all in danger everywhere – even in cyberspace – so we must be careful who we communicate with and how. To that end, we give you 4 steps to secure your Twitter account and protect yourself.
1) Enable two-factor authentication (2FA)
Having a strong, unique password is an important first step to securing your account, but passwords can be easily guessed or generated by an attacker, so on their own they’re not enough to stop someone in their tracks.
Your best shot at keeping someone out of your account is to also enable two-factor authentication, which means you’ll need a second factor – like a numerical code or physical key – to prove it’s you when you log in to your account. It’s extremely unlikely that someone trying to break into your account has both your password AND access to your unlocked phone, so enabling two-factor authentication significantly reduces the chance of an account break-in.
How to do it: To enable 2FA on your Twitter account, log in and click your profile icon, then go to Settings and privacy. Scroll down to Login verification, which is what Twitter calls two-factor authentication.
Twitter begins the setup with a text message (SMS) code, but once you have 2FA set up you have the option to stick with an SMS code, use a physical security key, or use a mobile authenticator app. Many people prefer to use SMS as it’s easiest, but this method has its own security flaws, so we recommend using an authenticator app on your phone.
For good measure, you may also wish to enable password reset verification, which will require you to confirm your email or phone number if someone (hopefully you) asks to reset your password.
2) Choose who can contact you
Twitter is great as a big, open platform where anyone can join in the conversation. But that openness can also be a bit of a pain, as harassers and crooks love the platform’s openness too. There’s a very simple way to make sure you aren’t bothered by lazy spammers who are just out to blast Twitter accounts with links to malware as quickly as possible – choose who can contact you via direct message or by public reply.
You can choose to allow only people you have opted in to follow to send you a direct message (a private message that does not have a character limit, unlike standard tweets), and you can also choose to enable quality filters on regular tweets that you receive, so tweets by profiles of “low quality” will never reach you. This means that if someone with a phony account tries to send you a potentially phishy link, they’ll have to do a lot more work just to set up their account and get past basic quality filters, and most spammers won’t bother.
How to do it: To only allow people you follow to send you a direct message, go to Settings and select Privacy and safety from the left-hand menu, and then deselect Receive direct messages from anyone.
To enable the Twitter quality filters, go to your Settings and select Notifications from the left-hand menu. Under Advanced, select Quality filter.
On this page, you can also opt to Mute notifications from people who have a default profile photo and haven’t confirmed their email address, which will filter Twitter accounts that haven’t finished their basic profile setup.
3) Check your connected apps
Do you remember which apps you’ve authorized to have full access to your Twitter account? It’s painlessly easy to sign up to a service using Twitter, but how long do you want that service to have that kind of access? It’s worth reviewing your connected apps to see what’s still lingering in there, and if you see something you don’t remember authorizing or haven’t used in a while, it’s time to revoke its permission to your account.
How to do it: In your Settings, select Apps and devices from the menu and take a look at the apps that are listed as connected to your account. Hit for any app that you no longer need or want.
4) Protect your tweets
While the idea behind Twitter is that the conversation is public and open to everyone, you can opt to protect your account, which makes your tweets visible only to people that you’ve opted to follow.
Twitter itself notes that if you have tweeted publicly and then later change your account to “protected,” it’s very possible those initially-public tweets will continue to live on publicly in perpetuity – so protecting your account is not an “oops” button for erasing tweets you’ve regretted sending, but it is a good way to make sure you know exactly who’s reading your words.
How to do it: In Settings, select Privacy and safety. Under Tweet privacy check Protect your Tweets. You can always un-protect your tweets and make your tweets public if you ever change your mind.