Today Linus T from Cigar Newbie (follow him at @SyrLinus) gives some tips on Twittering securely. Image by Richard Parmiter
One of the fastest growing social networking tools of late has been Twitter, a quick messaging tool that utilizes UDP packets. It’s a great tool to send out quick updates. It is, to use the analogy, nothing more than a true virtual gab fest. People exchange “info” and talk about almost nothing at all. Seinfeld would be proud. But in recent weeks, a number of sites have popped up, trying to take advantage of people’s egos to one-up each other in regards to their ranking on Twitter. That is, the more people who follow you, the better the rating. One way that they do this is to request the username and password used for Twitter. The person logs in with these, and the “attacker” can then use that account to send out spam or steal someone’s reputation.
And online, one’s reputation can be pretty much the only thing that carries weight, particularly during these hard times. Twitter has no specific built-in security tools, but there are some simple steps that you can take to ensure a secure Twitter experience.
3 Steps to Using Twitter Securely
- Change your password regularly: The only thing that ever should be static in life is a mosquito pond. Otherwise, everything should change at some point. Passwords are no exception. When online, you should change your password at least every 6-12 weeks. If you suspect that your password has been compromised, change it sooner.
- Be complex: Few things in life are simple (other than toast and butter). Your password should be a complex secret that only you would know or guess. I try to use combinations of things that have some unique meaning to me. For example, I might use Blu3Bl@nk3t since my name is Linus (I don’t but you get the idea). The combination of upper, lower, numbers and special characters as well as the length makes it hard to guess or crack.
- Never give out your password: the exception would be the Twitter application itself but only use those that are sanctioned by Twitter or have a high visibility rate (that is, other friends you know – ideally in person – recommend).
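As an added example (not part of the original post), this Python sketch checks a password against the criteria in the list above and also tests whether it is still dictionary words once common character swaps such as 3 for e and @ for a are undone, since password-guessing tools try those swaps routinely. The wordlist, the substitution table and the 10-character minimum are constructed assumptions; a real check would use a large dictionary and a breached-password list.

```python
import math
import string

# Constructed sample wordlist (assumption), not a real dictionary.
COMMON_WORDS = {"blue", "blanket", "password", "twitter", "linus", "summer"}

# Common character swaps mapped back to the letters they stand for.
LEET = str.maketrans({"3": "e", "@": "a", "0": "o", "1": "l",
                      "$": "s", "4": "a", "5": "s", "7": "t", "!": "i"})

def char_classes(pw):
    """Which of the four character classes named in the article are present."""
    return {
        "upper": any(c.isupper() for c in pw),
        "lower": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "special": any(c in string.punctuation for c in pw),
    }

def naive_bits(pw):
    """Upper bound on entropy, valid only if every character is random."""
    cls = char_classes(pw)
    pool = (26 * cls["upper"] + 26 * cls["lower"] + 10 * cls["digit"]
            + len(string.punctuation) * cls["special"])
    return len(pw) * math.log2(pool) if pool else 0.0

def splits_into_words(text, words=COMMON_WORDS):
    """True if text is a concatenation of wordlist entries."""
    ok = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        ok[end] = any(ok[s] and text[s:end] in words for s in range(end))
    return ok[len(text)]

def review(pw, min_length=10):  # min_length is an assumed threshold
    normalized = pw.lower().translate(LEET)
    return {
        "long_enough": len(pw) >= min_length,
        "all_classes": all(char_classes(pw).values()),
        "naive_bits": round(naive_bits(pw), 1),
        "dictionary_based": splits_into_words(normalized),
    }

if __name__ == "__main__":
    for candidate in ("Blu3Bl@nk3t", "qV7#mTz9!rKp2"):  # constructed samples
        print(candidate, review(candidate))
```

A password can pass every character-class rule and still be flagged as dictionary-based, in which case the naive entropy figure overstates how hard it is to guess.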
It is the UDP packets which put the hard data size limitation — thus, the limitation of number of characters. Some tools claim to get around this but what they are actually doing is breaking your message down into separate packets and sending two or more UDP packets.

@tumblemoose
You know, I changed my password after the great Twitterank scare of 2008.
It never really occurred to me that security might be a problem with a Twitter type site.
Ok, my eyes have been opened, going to change it again right now.
Cheers!
@decentDev
Excellent suggestion for password strength. Of course Darren, I have seen a tool like that which uses twitter user name and password and auto follow many people by keywords you suggest. I would suggest to never trust such third party or anonymous tools or utilities. Perhaps Twollow is one of those tools.
@Dramagirl
Good web hygiene! Change your password frequently …
@mikenichols0
Good advice, and not just for Twitter! But trying to remember all those passwords gets to be a pain, and encourages laziness.
There are many password apps that help you create and enter complex passwords on the net. For the Mac, the best one I’ve found is 1PassWord. It works with most browsers (even obscure ones), will create complex passwords, and will remember and enter them for you. I even keep my software serial numbers in it. Its own password is tied to the Mac keychain, which is about as secure as you can get on the Mac.
I’m sure there are comparable apps for Windows.
@redwall_hp
#4: Don’t enter it into any old site that claims to make use of the Twitter API to do something. Give the site a once-over before letting them have your Twitter username and password. If it looks fishy (or phishy, more like), don’t risk it.
@FreelanceTwins
Also, don’t use the same password for every site. If a site steals your Twitter password, and you gave them your email address, they might just have your email password too, so mix it up.
@SeshuThePhotog
I have been using this – http://www.pctools.com/guides/password/ – to generate passwords on the fly. Works great. Of course, you do have to find a way to store them securely.
@syrlinus
Thanks for the comments. Definitely good suggestions (e.g. not using the same password as email) and having generated passwords. In regards to generated passwords, ensure that you don’t create a “sticky garden” to store passwords. And get into a regular habit of changing passwords. It doesn’t have to be monthly. Once every 3-6 months or immediately after suspected violations are good options.
Additionally, be careful how much info and what info you share. Remember that twitter has NO built in security whether passwords or transmission of data. A lot of the security stuff is simply just common sense. Personally, I’d hate to see a good potential tool (whether marketing, grassroots organizing, whatever) end up being abused and used to the point that no one trusts it. That is ultimately what keeps a social networking tool useful: embedded trust.
@mintblogger
I normally change my GMail and twitter password every 2 months, but after reading about domain hacks on makeuseof dot com, I have increased the frequency. Neat advice for all twitter users…
@syrlinus
Welp, one more thing to add to twitter security. You may want to make your page private with the introduction of “TweetStalk” (http://tweetstalk.com/). For most people it may not be an issue but if you do have that “ex” (you know the kind of person I’m talking about) this may not be a good thing.
@glwallace
Along the idea of twitter safety, I think it is important to add that people shouldn’t tweet about their personal lives too much. For example, I have friends that write posts about their entire day. They tell their followers when they are leaving home, where they are going, and when they are returning. People should leave those type of details out of their tweets.
@hectorhenry17
I think it’s something that will never change in computer stuff like, because there will always be someone that wants to take advantage from you in any way. So you all change your passwords.
@mobasoft
Where’d you come up with Twitter using UDP packets?
@syrlinus
Well, a couple of things first made me think it was UDP: first, the limitation of characters at 140 is reminiscent of early ICQ days in the mid-90s where there was the same character limitation (UDP has a fixed data size compared to TCP which has size flexibility). Second, Google searches confirm that based on what others have dug up on it. I haven’t seen anyone suggest yet that it’s a TCP protocol (it may be and very proprietary) but I’d bet it more towards UDP.
@ticoit
Regular password updates for Twitter and every other network-based service are a must. The Internet is not the safe place people think.
@sharilynn1999
While password changes are good and recommended, the photo reminds me of something my grandma used to say to my cousins… “what if you’re in an accident, you don’t want the medics catching you with dirty pants” haha ROFL!!
Nice tip. But how about your FutureTweets? It asks our Twitter password!!
@syrlinus
Jhay, regardless of what thing you log into always just be aware. Monitor it, check it. See if things change, odd posts go out, etc. The key here is simple:
1. use good passwords.
2. use a password different from **ALL** emails and other accounts
3. be aware
The last point is probably the most important one.
That’s great that you are talking about the Twitter API, a good example of searching with the Twitter API is on twiogle.com because you can search on Twitter and Google at the same time.