Yes, you should change your Twitter password - but don't panic  - twitter dazed - Yes, you should change your Twitter password

users should have received the following notification from the site by now:

When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of or misuse by anyone.

Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. You can your Twitter password anytime by going to the password settings page.

About The Bug

We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard.

Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.

Twitter email  - twitter email - Yes, you should change your Twitter password

Some important things to note:

1. The sky is not falling. There is no indication that anyone managed to access or misuse the file containing plaintext passwords of Twitter users. In the big friendly words of Douglas Adams, “Don’t panic!”

2. Furthermore, even if someone had managed to access the passwords, your account would still have been protected if you had Twitter’s additional layer of two-step verification (known as Login Verification on Twitter) enabled. Here is our guide on how to enable Twitter Login Verification.

3. When I heard about this issue late last night, I didn’t let it ruin my sleep. I waited until I got up this morning and then changed my password. I already had Login Verification enabled because, well… I’m sensible.

. If you were using your Twitter password elsewhere on the web, you should give each of those other online accounts new passwords too. This isn’t because there’s a high risk that the Twitter passwords have been exposed to bad guys, but simply because what you are doing is unsafe.

Reusing passwords is a really bad idea, and just makes life easy for online criminals.

5.Yesterday was World Password Day. I actually believe every day should be World Password Day, but I find it warming that it was the same day that Twitter told its users to sort out their passwords.

If you want to be serious about password , you should get yourself a decent password manager. And if you want to learn more about the benefits of password mangers, and password-related issues, be sure to listen to our “Smashing Security” podcast on the topic.

6. Twitter has been very open and public about something which, frankly, probably isn’t a huge concern. They could have just fixed the problem and swept it under the carpet, and avoided any potential embarrassment. But they did the responsible thing instead.

My hope is that with GDPR around the corner, we will see more companies adopt this approach and do what’s in the best interests of their users’ rather than their brand.

Ultimately, websites will enhance their reputation by being upfront and honest when something goes wrong, rather than hiding it.

- aa9ea0686c5d1aa9086d4b12c3aa05f2 s 80 d mm r g - Yes, you should change your Twitter password

About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and gives presentations on the topic of computer security and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.

Follow @gcluley

Source link


Please enter your comment!
Please enter your name here