Pickr

Twitter users need a password change (as do we all)

by Leigh :) Stark
May 5, 2018

A bug in Twitter’s internal operations means Twitter users get to come up with a brand new password. And if you’ve always wanted to know about strong passwords to secure your own, this is for you, too.

When companies mess up, they generally have an obligation to their user base to point it out and not keep them in the dark. And that’s what Twitter is doing this week, because if you use that social media service, you’re going to be asked to change your password.

Twitter’s Chief Technology Officer Parag Agrawal wrote a blog post this week advising Twitter users to change their password, especially if they’ve been using that password on other services as well.

While passwords should be secured in a way that makes it so that no one else can see them, that hasn’t quite been the case inside of Twitter.

Typically, the passwords you register with a service should be encrypted, making them a little more airtight inside the service. The process is also known as hashing, and uses an algorithm to turn the password into a nonsensical string of characters, rather than the outright password you might be typing in.

Deciphering these hashed strings comes down to password cracking, something that takes a lot of time, compared to seeing the password and merely using it, matching it to a user and seeing what else it works with.

In 2018, we expect every place where you register an account with a password to be hashing those passwords, or at the very least encrypting them using some other method.

Twitter is reportedly doing that, however the company has highlighted a bug this week that allowed passwords to be written, in their original unhashed form, to an internal log before the hashing process was complete. That means that while Twitter was doing the right thing and encrypting your password, it was also doing the wrong thing and storing your password in plain text for anyone inside the company to read.

“We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again,” wrote Agrawal in Twitter’s blog.

While it’s great that Twitter found the bug, this bug also means anyone using Twitter may technically have that password compromised. It’s not necessarily going to happen, but as a precaution, Twitter is advising its users to change their password, and if they use that same password on other services, to change that password as well.
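
To make the bug class concrete, here is an added illustration (not Twitter’s code, and not from Twitter’s blog) of a sign-up routine that hashes the password correctly but writes the raw form to a log first, alongside a logging filter that masks the password before anything is written. The field names, logger names and PBKDF2 work factor are assumptions made for the example.

```python
import hashlib, hmac, io, logging, os

SENSITIVE_KEYS = {"password"}  # assumed form field name
ITERATIONS = 200_000           # illustrative work factor

def hash_password(password, salt=None):
    """Return (salt, digest); only these are stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

class RedactSecrets(logging.Filter):
    """Mask sensitive values when a dict is passed as the log argument."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        return True

def signup(form, log, store):
    # The bug class described above: the raw form is logged before hashing.
    log.info("signup request: %s", form)
    store[form["username"]] = hash_password(form["password"])

def run_signup(redact):
    """Run one constructed signup; return (log text, credential store)."""
    buf, store = io.StringIO(), {}
    log = logging.getLogger("signup-redacted" if redact else "signup-raw")
    log.setLevel(logging.INFO)
    log.propagate = False
    handler = logging.StreamHandler(buf)
    log.addHandler(handler)
    if redact:
        log.addFilter(RedactSecrets())
    signup({"username": "alice", "password": "TalkingT0Friend$!"}, log, store)
    log.removeHandler(handler)
    return buf.getvalue(), store

if __name__ == "__main__":
    for redact in (False, True):
        text, _ = run_signup(redact)
        print("redact =", redact, "->", text.strip())
```

The filter is a safety net; the cleaner fix is to never pass the password field to the logger at all.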

Password habits

One of the things you learn quickly about passwords is that we’re not great at them as a whole.

There are some perfectly great reasons for this, coming down to just how many services we’re all subscribed to and using — Gmail, Facebook, Twitter, LinkedIn, Uber, Menulog, Evernote, iCloud and the App Store, GitHub, and so on and so on — to how many passwords we want to remember.

The simple reality is that with everything else we have in our lives, remembering a lot of passwords isn’t easy, and unless you’re using a password app or are storing your passwords somewhere secure that only you know about, there’s a good chance you’re using the same passwords across the board.

Frustratingly, that means if you’re using the same password for Twitter that you were for Facebook, you need to change both, and do it ASAP.

Most (if not all) security experts will recommend having a different password for every service to minimise the chances of security breaches, and this falls under that area.

While not everyone will take this approach, those that do should find themselves with better security across the board.

What’s a strong password?

Strong passwords are the name of the game, and it’s not just “password” or “password123”.

Unbelievably in this day and age, these passwords still persist and are in use by people, and passwords like “123456”, “password”, and “12345678” topped last year’s list of the worst 100 passwords online, published annually by Splash Data.

If you’re using one of these passwords, stop immediately and change it ASAP.

Instead, consider using a strong password, because simple passwords like these can be easily guessed or broken.

Consider a strong password made up of either a word or phrase, with numbers you can recognise, and some punctuation characters that help to bolster the security.

A common approach is to use a phrase you’d associate with the service in question. Since we’re talking about Twitter, you might think of “talking to friends”. Take that phrase and replace characters with numbers and punctuation so that it renders as “talking!t0!friends” or “TalkingT0Friend$!”.

The longer the password the better, so make sure it’s longer than eight characters and includes at least one number and one piece of punctuation, and, if you can, a capital letter as well. The stronger the character set is, the harder it is to break.

How can you manage secure passwords for every service?

Having one secure password is great, but how do you keep several secure passwords across several services?

While there are password apps like LastPass that can help, one trick we’ve heard over the years has been to make a variant of a strong password for each network you need to log in at.

If you’re happy with the way your strong and secure password has turned out and you’d prefer to use it or something like it for every service, don’t just reuse that password, modify it for that service.

Let’s take one of those passwords from before, “TalkingT0Friend$!”. If we’re happy with that as a password we can use for everything, but know there’s a risk it could be broken, consider personalising it for a service. For instance, it might be “TalkingT0Friend$!”, but you can add a few letters to make it different for services.

For Facebook, we might add “Face” to the end, and it becomes “TalkingT0Friend$!Face”, or if we’re personalising it for Gmail, we might add “Gm” and turn it to “TalkingT0Friend$!Gm”. You might even consider adding a few more numbers like your favourite number and another form of punctuation to the package, so our Facebook password becomes “TalkingT0Friend$!Face007?”.

Ultimately, your password should be secure enough so that it’s hard to break, but also possible for you to remember it. If you can’t and it becomes too difficult to manage passwords, consider grabbing a password app or service for your phone and/or computer, as that can help long term, as well.

Leigh :) Stark

One of Australia's well regarded technology journalists working out of Sydney, Leigh Stark has been writing about technology for over 15 years, covering phones, computers, cameras, headphones, speakers, and more. Stylising his middle initial with an emoticon, he aims to present tech in a way that makes it easy for everyone. While he founded Pickr in 2016, Stark's work can be seen in other publications including The Australian Financial Review, Popular Science, and many more. His award-winning podcast "The Wrap" is syndicated on Southern Cross Austereo's LiSTNR network weekly, while he can be heard on radio via ABC Brisbane and ABC Canberra, and seen on TV's Nine. Check out Leigh Stark's most recent media appearances.
© 2016 to 2022 Publishr Pty Ltd: ACN 624 227 256
All rights reserved.