On Thursday, Twitter urged its 330 million users to change their passwords after some of them were inadvertently stored in plain text in an internal log.
Twitter said in a post on its official blog that it had fixed the problem and that it believed no passwords were breached or misused. But it advised users to consider changing their Twitter passwords “out of an abundance of caution.”
Twitter didn’t say how many passwords were exposed or for how long.
Twitter, like most large internet companies, uses a standard password-masking technique called “hashing,” which runs your password through an equation to convert it into a string of random-seeming numbers and letters. For instance, in one kind of hashing, the password “password” might be “5f4dcc3b5aa765d61d8327deb882cf99.”
When you type in “password” at the Twitter log-in screen, what Twitter actually gets is that soup of letters and numbers; it compares it with the soup it has on record and lets you in only if they match. Combined with other mechanisms, hashing makes it extremely difficult to reverse-engineer a password from its hash.
The idea is that your original password is never supposed to be saved on Twitter’s servers, but that’s what happened in this case, the company said.
“We are very sorry this happened,” it said. “We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”
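The hashing check and the logging failure described above, as an added Python example that is not Twitter's code: it reproduces the article's sample string with unsalted MD5, stores a salted PBKDF2 hash instead, and masks password fields before a log line is written. The field names, user name, logger name and iteration count are assumptions made for illustration.

```python
import hashlib, hmac, logging, os

ITERATIONS = 200_000  # assumed work factor for this example

def legacy_md5(password):
    # Unsalted MD5 reproduces the article's sample string; not for real storage.
    return hashlib.md5(password.encode(), usedforsecurity=False).hexdigest()

def hash_password(password, salt=None):
    # A per-user random salt plus a slow KDF: equal passwords get different hashes.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_password(attempt, salt, stored):
    # Recompute with the stored salt and compare in constant time.
    return hmac.compare_digest(hash_password(attempt, salt)[1], stored)

class RedactSecrets(logging.Filter):
    """Mask sensitive fields in dict-style log arguments before they are written."""
    SENSITIVE = {"password", "new_password"}  # hypothetical field names

    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k in self.SENSITIVE else v
                           for k, v in record.args.items()}
        return True

class ListHandler(logging.Handler):
    """Collects formatted messages in memory so the demo can inspect them."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(record.getMessage())

def demo_login(password, attempt):
    """Register `password`, log a login with `attempt`, return (ok, log lines)."""
    log = logging.Logger("login-demo", level=logging.INFO)  # standalone logger
    handler = ListHandler()
    log.addHandler(handler)
    log.addFilter(RedactSecrets())
    salt, stored = hash_password(password)  # only the salt and hash are kept
    log.info("login user=%(user)s password=%(password)s",
             {"user": "alice", "password": attempt})  # constructed sample input
    return verify_password(attempt, salt, stored), handler.lines
```

The filter only covers log calls that pass fields as a mapping; a password interpolated into the message string before logging would still be written in the clear.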
Security experts advise everyone to follow a few simple rules to protect their passwords:
- Use complex, hard-to-guess passwords. That wouldn’t have made a difference in the Twitter case, but not all online services use hashing, and some that do still depend on older, easier-to-decode versions.
- Never reuse passwords. If a bad guy manages to get one of your passwords and you’re using it on multiple sites, he has the key to your data on all of them.
- Use two-factor authentication, or 2FA, a procedure that requires you to get an additional one-time-only code through a text message or an app on your phone every time you log in. Google provides a 2FA service, which more companies and sites are adopting as an extra security option.
Note: When you change your Twitter password, make sure to update it at any other site linked to your Twitter account.