There’s a report going around that U.S. President Trump’s Twitter account was hacked — again — by a Dutch security researcher who just happened to guess the correct password: “maga2020!” I think the story is absolutely bogus, but it’s still a great reminder that you shouldn’t be lazy with your social media security. Locking down your Twitter account is easy, and it takes less than five minutes to do.
There’s no reason you should be using a simple password that anyone could easily guess. Go here. Change your password to something more complex. If you have no idea what that means, get some help. Save this password in your browser — or, better yet, a great password manager. Don’t use this password anywhere else.
If someone happens to get into your account and attempts to reset your password — to then lock you out — you can require Twitter to verify the request via your phone number or email address. Set that up here.
At minimum, you should have Twitter send you a code in a text message whenever you (or anyone else) tries to log into your account for the first time. You’ll then type that code in to verify that the request was legitimate. In a perfect world though, you would link Twitter to an authentication app that would provide this code, because even text messages aren’t the safest way to verify a login attempt is actually you.
(Make sure you write down your backup code and store that somewhere safe.)
Did some app access your Twitter account without your permission? Check that here. And if you don’t recall granting a certain app access to your account, go here to disconnect the offending apps from your account.
It’s easy to see what other devices are currently logged into your Twitter account. Go here to check, and if you don’t recognise a smartphone, tablet, or PC on that list, click “Log out all other sessions,” and then change your password (and set up two-factor authentication!)
If you need to nuke your Twitter account, do so here. You’ll have 30 days to change your mind until your account is gone for good, unless you have a verified account. Then, you can select a window of either 30 days or one year.