Tuesday, December 28, 2010

Safe Tweeting - Keeping Your Account Secure

Safe Tweeting: The Basics

We want Twitter to be a safe and open community. This help page provides some information and tips to help you practice safe Tweeting and keep your account secure. Here are some basics:
  • Use a strong password.
  • Watch out for suspicious links, and always make sure you’re on Twitter.com before you enter your login information.
  • Don't give your username and password out to untrusted third-parties, especially those promising to get you followers or make you money.
  • Make sure your computer and operating system is up-to-date with the most recent patches, upgrades, and anti-virus software.
We're working to improve our responses to security threats, but user accounts and computers can sometimes become compromised by phishing, hacks, or viruses. If you think your account has been compromised, please visit our help page for compromised accounts to find out how to fix it quickly!
You can help protect your account by following some easy precautions, discussed below.

Use a Strong and Unique Password

When you set up your account, be sure to choose a strong password (a hard-to-guess password that’s a mix of numbers and letters). It's also a good idea to use a unique password for each website you use; that way, if one account gets compromised, the rest are safe. For more info on selecting a secure password, check out these password tips from Google.
Also, please use a secure and private email address to associate with your Twitter account. If you forget your password, you'll be able to get instructions for resetting it emailed to that address.

Always Check that You're at Twitter.com Before Logging In

Phishing is when someone tries to trick you into giving up your username and password, usually so they can send out spam to all your followers from your account. Often, they’ll try to trick you with a link that goes to a fake login page.

Be wary of weird links in DMs: Be cautious when clicking on odd links in DMs. Even if the link came from a friend, it's possible that their account was compromised and the URL was actually sent out by a spammer.

Make sure you're on Twitter.com before logging in: Whenever you are prompted to enter your Twitter password, just take a quick look at the URL and make sure you're actually on Twitter.com.

You can find the URL in the address bar of your browser. Twitter domains will always have the http://twitter.com/ as the base domain. Here are some examples of Twitter login pages:
Phishing websites will often look just like Twitter's login page, but will actually be a website that is not Twitter. Here are some examples of URLs that are NOT Twitter pages:

If you think you may have been phished, change your password as soon as possible and visit this help page for compromised accounts.

Log in directly at Twitter.com if you're unsure: If you’re ever uncertain of a website, just type Twitter.com into your browser bar, hit enter, and log in directly from our homepage.

We Won't Contact You Asking for your Password

Twitter will never email you, direct message you, or @reply you asking for your password.

We will never ask you to download something or sign-in to a non-Twitter website. Never open an attachment or install any software from an email that claims to be from us; it's not.

If we suspect your account has been phished or hacked, we may reset your password to prevent the hacker from misusing your account. In this case, we'll email you a link to where you can reset your password. Again, this link will always be on the http://twitter.com/ website, and we will never ask you to email us your old password.

If you forget your password, you can reset it yourself at this link.

Tip: If you're getting password reset emails you didn't request, you might consider verifying a phone with your account to prevent other users from mistakenly typing your username into our password reset form. We always ask for phone number confirmation before we send any user-requested password reset emails.

Evaluating Links on Twitter

Lots of links are shared on Twitter, and many are posted with URL shorteners. URL shorteners, like bit.ly or TinyURL, create unique, shortened links that redirect to your longer link so it can be more easily shared. URL shorteners can also obscure the end domain, making it difficult to tell where the link goes to.

Some browsers have free plug-ins that will show you the extended URLs without you having to click on them. Here are links to plug-ins for Internet Explorer and Firefox (which is a free-to-download browser):
In general, please use caution when clicking on links. If you click on a link and find yourself unexpectedly on a page that resembles the Twitter login page, don't give up your username and password! Just type in Twitter.com into your browser bar and log in directly from the Twitter homepage.

Keep your Computer and Browser Up-to-date and Virus-free

Keep your browser and Operating System updated with the most current versions and patches; patches are often released to address particular security threats. Be sure to also scan your computer regularly for viruses, spyware, and adware.

f you're using a public computer, like at a library or school, make sure you always sign out of Twitter when you're done (there's a "Sign Out" link in the upper right of the site).

Assist any Compromised Friends and Followers

If you get a weird link from a follower that you think is a phishing site or a spam site, reach out and suggest they change their password right away. You can also send them to the help page for compromised accounts so they can get more information.

Select Third-party Applications with Care

There are lots of third-party programs and applications you can use with your Twitter accounts. These applications are built on the Twitter platform by external developers and allow you to do an array of neat things with your account. However, you should be cautious before giving up control of your account to someone else.

There are two ways to grant an application access to your account. The first is a secure protocol called OAuth. This is our recommended connection method and doesn't require you to give out your username and password. The other way to connect requires you to give your Twitter username and password and is called Basic Authentication. You can find out more about OAuth and Basic Authentication on our Connecting to Third-Party Application help page.

You should be particularly cautious when you're asked to give your username and password to an application or website. When you give your username and password to someone else, they have complete control of your account and can lock you out or take actions that cause your account to be suspended. Be wary of any application that promises to make you money or get you followers. If it sounds too good to be true, it probably is!

Some legitimate applications do ask for your username and password. These include installed applications you use for tweeting from your desktop or mobile phone. Just be sure to research applications thoroughly before providing account access.

Find out more!

Follow our official spam account, @spam, and our official account for updates from the Trust and Safety team, @safety. We'll update that accounts with information about ongoing security threats and tips to keep your account safe.

Read More Click Here