We want Twitter to be a safe and open community. This help page provides some information and tips to help you practice safe Tweeting and keep your account secure. Here are some basics:
We're working to improve our responses to security threats, but user accounts and computers can sometimes become compromised by phishing, hacks, or viruses. If you think your account has been compromised, please visit our help page for compromised accounts to find out how to fix it quickly!
You can help protect your account by following some easy precautions, discussed below.
In addition to creating a secure Twitter account password, you should also create a secure password for the email address associated with your Twitter account.
Additionally, you can select “Require personal information to reset my password” in your account settings. If you check this box, you will be prompted to enter your e-mail address or phone number to reset your password if you ever forget it.
For more info on selecting a secure password, check out these password tips from Google.
Phishing is when someone tries to trick you into giving up your Twitter or email username and password, usually so they can send out spam to all your followers from your account. Often, they’ll try to trick you with a link that goes to a fake login page.
Be wary of weird links in DMs: Be cautious when clicking on odd links in DMs. Even if the link came from a friend, it's possible that their account was compromised and the URL was actually sent out by a spammer.
Make sure you're on Twitter.com before logging in: Whenever you are prompted to enter your Twitter password, just take a quick look at the URL and make sure you're actually on Twitter.com.
You can find the URL in the address bar of your browser. Twitter domains will always have http://twitter.com/ as the base domain. Here are some examples of Twitter login pages:
Phishing websites will often look just like Twitter's login page, but will actually be a website that is not Twitter. Here are some examples of URLs that are NOT Twitter pages:
If you think you may have been phished, change your password as soon as possible and visit this help page for compromised accounts.
Log in directly at Twitter.com if you're unsure: If you’re ever uncertain of a website, just type Twitter.com into your browser bar, hit enter, and log in directly from our homepage.
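The address-bar check described above can be written down precisely. The following is an added example, not Twitter's own code: it parses a URL the way a browser does and reports whether the host is really under twitter.com. The function name `checkLoginUrl`, the rule that subdomains of twitter.com count as Twitter, and all sample URLs are assumptions constructed for illustration.

```javascript
// Added example: decide whether a URL's host is really under twitter.com.
const TRUSTED_BASE = 'twitter.com'; // the base domain named on this page

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG URL parser, the same rules browsers apply
  } catch (err) {
    return { trusted: false, host: null, reason: 'not a parseable absolute URL' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { trusted: false, host: null, reason: 'not a web URL' };
  }
  // hostname is already lowercased and non-ASCII labels are in xn-- form;
  // a single trailing dot names the same host, so drop it.
  const host = url.hostname.replace(/\.$/, '');
  if (url.username || url.password) {
    // "http://twitter.com@other.example/" goes to other.example
    return { trusted: false, host, reason: 'text before "@" is not the host' };
  }
  // Assumption: subdomains of twitter.com are treated as Twitter.
  // The leading dot matters: a bare endsWith('twitter.com') would also
  // accept unrelated domains whose names merely end in those letters.
  const trusted = host === TRUSTED_BASE || host.endsWith('.' + TRUSTED_BASE);
  return {
    trusted,
    host,
    reason: trusted ? 'host is under twitter.com' : 'host is not under twitter.com',
  };
}

// Constructed sample URLs (reserved .example names, not real sites).
const SAMPLES = [
  'http://twitter.com/login',                 // genuine base domain
  'https://TWITTER.com./login',               // case and trailing dot normalise
  'http://twitter.com.login.example/session', // twitter.com is only a prefix
  'http://twitter.com@login.example/',        // twitter.com is only userinfo
  'https://twitt\u0435r.com/login',           // Cyrillic "е" lookalike letter
];

for (const s of SAMPLES) {
  const r = checkLoginUrl(s);
  console.log(`${r.trusted ? 'OK  ' : 'STOP'} ${s} -> ${r.host} (${r.reason})`);
}
```

The host that counts is the one immediately before the first single slash after the scheme, read from right to left; everything to its left or before an "@" can be chosen freely by whoever made the link.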
Twitter will never ask you to provide your password via email, direct message, or @reply.
We will never ask you to download something or sign in to a non-Twitter website. Never open an attachment or install any software from an email that claims to be from us; it's not.
If we suspect your account has been phished or hacked, we may reset your password to prevent the hacker from misusing your account. In this case, we'll email you a link to where you can reset your password. Again, this link will always be on the http://twitter.com/ website, and we will never ask you to provide your password via email, direct message, or @reply.
If you forget your password, you can reset it yourself at this link.
Tip: If you're getting password reset emails you didn't request, you might consider verifying a phone with your account to prevent other users from mistakenly typing your username into our password reset form. We always ask for phone number confirmation before we send any user-requested password reset emails.
Lots of links are shared on Twitter, and many are posted with URL shorteners. URL shorteners, like bit.ly or TinyURL, create unique, shortened links that redirect to your longer link so it can be more easily shared. URL shorteners can also obscure the end domain, making it difficult to tell where the link goes.
Some browsers have free plug-ins that will show you the extended URLs without you having to click on them. Here are links to plug-ins for Internet Explorer and Firefox (which is a free-to-download browser):
In general, please use caution when clicking on links. If you click on a link and find yourself unexpectedly on a page that resembles the Twitter login page, don't give up your username and password! Just type Twitter.com into your browser bar and log in directly from the Twitter homepage.
Keep your browser and operating system updated with the most current versions and patches; patches are often released to address particular security threats. Be sure to also scan your computer regularly for viruses, spyware, and adware.
If you're using a public computer, like at a library or school, make sure you always sign out of Twitter when you're done (there's a "Sign Out" link in the upper right of the site).
If you get a weird link from a follower that you think is a phishing site or a spam site, reach out and suggest they change their password right away. You can also send them to the help page for compromised accounts so they can get more information.
There are lots of third-party programs and applications you can use with your Twitter accounts. These applications are built on the Twitter platform by external developers and allow you to do an array of neat things with your account. However, you should be cautious before giving up control of your account to someone else.
There are two ways to grant an application access to your account. The first is a secure protocol called OAuth. This is our recommended connection method and doesn't require you to give out your username and password. The other way to connect requires you to give your Twitter username and password and is called Basic Authentication. You can find out more about OAuth and Basic Authentication on our Connecting to Third-Party Application help page.
You should be particularly cautious when you're asked to give your username and password to an application or website. When you give your username and password to someone else, they have complete control of your account and can lock you out or take actions that cause your account to be suspended. Be wary of any application that promises to make you money or get you followers. If it sounds too good to be true, it probably is!
Some legitimate applications do ask for your username and password. These include installed applications you use for tweeting from your desktop or mobile phone. Just be sure to research applications thoroughly before providing account access.
Revoke access for any third-party application that you don't recognize by visiting the Applications tab in Account Settings.