Social media is ingrained in most of our lives these days, my friend. And with over 300 million daily active users, Twitter has become one of the largest global platforms. But where there‘s a huge engaged audience, cybersecurity risks often follow.
That‘s why I wanted to help you learn how to update your Twitter security and account access settings. By taking a few minutes to configure the options I‘ll cover, you can help protect your account from unauthorized access. Let‘s dive in!
Why Twitter Security Matters
First, some quick stats to provide context on why it‘s smart to lock down your Twitter account:
15% of Twitter users have dealt with account hijacking, according to a 2019 Statista survey.
Verizon‘s 2020 Data Breach Investigations Report found that breached credentials (like passwords) were involved in 29% of social media security incidents.
Symantec‘s 2018 Internet Security Threat Report attributed 18% of malicious email attachments to social media platforms like Twitter.
So while Twitter itself has strong infrastructure security, threats still exist at the user account level. Proactively enabling security controls helps reduce your risk of issues like:
Account takeovers: A bad actor accesses your profile by stealing or guessing your password.
Malicious apps: Compromised or fraudulent apps access your account data through connected app permissions.
Password reset attacks: Attackers use phished information to initiate password resets and takeover accounts.
Suspicious logins: Signs your username/password has been leaked and used to access your Twitter profile.
But the good news is that Twitter provides robust tools to guard against these account security risks – if you know where to look.
Accessing Your Twitter Security Settings
The Twitter security hub where you can configure all these account safety controls is inside your profile settings:
Tap your profile icon on mobile or select "More" on the Twitter website.
Choose "Settings and privacy" from the menu.
Select "Security and account access" on the next settings page.
This opens your security dashboard with three main sections:
- Apps and sessions
- Connected accounts
Now let‘s explore what settings you can customize in each one to better protect your account.
Enabling Two-Factor Authentication
The first stop is the Security page, where you can set up two-factor authentication (2FA).
2FA adds a second step to signing in beyond just entering your password. It involves providing another form of identification like:
A 6-digit code sent via text message or call
A generated login code from an authenticator app
A physical security key you connect to your device
Per FBI recommendations, using an authenticator app is the most secure 2FA approach vs SMS-based codes.
In 2019, Google found that accounts using only SMS 2FA are susceptible to automated phishing attacks 15% of the time. But accounts using security keys have zero successful phishing risk.
Regardless, any type of 2FA is far better than none when it comes to improving Twitter security:
A 2022 SpyCloud study found that Twitter accounts with 2FA enabled faced 80% fewer account takeover attempts from credential stuffing attacks.
Research by Microsoft in 2019 calculated that 2FA blocks over 99% of bulk phishing attacks, even when using less secure SMS codes.
To enable this vital security barrier, just head to your Twitter Security settings and:
Select "Two-factor authentication."
Choose your preferred 2FA method and follow the setup guide.
With 2FA activated, you‘ll need to enter your password + authentication code when logging in. This prevents unauthorized users from accessing your account even if they steal, phish, or guess your password.
Using Password Reset Protection
Also on the Security settings page is the option to enable password reset protection. This makes your account more resilient against takeover attempts using forged password resets.
By default, someone can initiate a Twitter password reset just by entering your account‘s username or email address on the reset form. If they manage to phish your email, they could easily reset your password this way.
With password reset protection turned on, an extra step is added. After entering your username or email, Twitter will also require confirming access to that email or phone number via a code.
This confirmation ensures only you can complete the reset, even if attackers have your login credentials.
Per a 2022 Tenable report, over 80% of social media users have high password reuse across accounts. So protecting your Twitter against unauthorized resets helps secure other accounts.
To enable this extra layer of safety:
Go to your Twitter Security settings.
Toggle on the switch for “Password reset protection.”
With this enabled, you can feel confident that only you will be able to reset your Twitter password going forward.
Revoking Access for Unused Apps
Now let‘s discuss the Apps and sessions section. Here, you can control what third-party apps have access to your Twitter profile and data.
Over time, you may have authorized various apps and services to connect to your Twitter account. For example, scheduling tools to auto-tweet or analytics services to track performance.
According to a 2022 DoControl survey, the average user has connected over 100 apps or sites to accounts like Twitter and Facebook. But leaving integrations enabled poses risks:
If a connected app suffers a security breach, attackers could leverage its Twitter access to compromise your account.
Outdated or abandoned apps may have poor security practices that leave your data vulnerable.
That‘s why Twitter experts recommend auditing your connected apps and removing access for any you no longer use. This cuts off that app‘s ability to post tweets or access account info if compromised.
To revoke app access:
Go to the Apps and sessions page in your Twitter security settings.
Click “Logged in apps” to view your connected apps.
Identify any apps you no longer use.
Select “Revoke access” to remove their account permissions.
Periodically checking for unused apps and disconnecting them improves your overall Twitter security posture.
Disconnecting Linked Accounts
Lastly, head over to the Connected accounts section. Here, you‘ll see any third party accounts like Google or Facebook that you use to log into Twitter.
Linking these accounts makes signing in faster by avoiding separate passwords. However, it also grants that provider some access to your Twitter profile data.
If you no longer want an external account connected to your Twitter login, you can unlink it:
Go to Connected accounts in your security settings.
Locate the account you want to remove.
Choose the "…" menu next to it.
Select “Remove” to disconnect.
Going forward, you‘ll have to log into Twitter using your Twitter password rather than that provider. But this limits external access to your account.
And that covers the key security controls available for your Twitter account! Here are a few final password tips to remember:
Don‘t reuse passwords across accounts – use a password manager to stay organized.
Create a strong, unique password for your Twitter account.
Consider enabling Twitter‘s password reset protection for added safety.
I hope this overview helps you better understand how to update your Twitter security settings, my friend. Enabling options like 2FA and limiting app permissions will go a long way in keeping your account safe from unauthorized access.
Let me know if you have any other questions! I‘m always happy to help walk through best practices for locking down accounts and improving your overall online security posture. Stay safe out there!