PSA: You should go change your Twitter password, because it was stored as plain text
Twitter has announced via its official blog that it has identified a bug in its internal systems that caused user passwords to be stored in plain text.
The company assures customers that this is not a breach, but rather a software issue, and users should simply change their passwords. Twitter also claims that the code is currently being reviewed and a fix will soon be in place.
“We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard.
“Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
In conjunction with changing your password, Twitter also suggests a few other options to increase your account security.
- Use a strong password that you don’t reuse on other websites.
- Enable login verification, also known as two-factor authentication. This is the single best action you can take to increase your account security.
- Use a password manager to make sure you’re using strong, unique passwords everywhere.
And piggybacking off the final suggestion, we are big fans of password managers. Some of our favorites to check out are LastPass, Dashlane, and Bitwarden, and we’ve got a full explainer on how they work. These utility apps give you a localized locker for all your passwords and will also auto-generate, and save, secure passwords for all your online accounts.
Source: Twitter