If you are perplexed after the announcement by Twitter on Thursday asking each of its 330 million users to change their passwords, you have landed at the right place. This article discusses every part of the news, from why it originated to whether you should be “bugged” by it.
For starters, let us address the title of the article – Should you change your Twitter password immediately? Well, you might want to do so. You don’t need to be worried about it though. Twitter has reassured all its users that nobody’s data has been illegally accessed. This incident is not half as scary as the Equifax one, in which people’s financial information was leaked.
Moreover, even after the announcement, Twitter is treating the changing of passwords as a choice rather than a MUST. If you want to change your password as a precaution, you can go ahead with it, but if you are too lazy to do so, worry not, for you are on the safe side too. You can trust the company’s executives when they explain that changing the password is a “decision” rather than an obligation. Twitter’s Chief Technology Officer, Parag Agrawal, went on to say that they didn’t have to share this information with the users. They did so because it was just the right thing to do. Twitter wants to give people the right to make informed choices regarding their security and privacy.
Experts say that the situation is somewhere between a low- and medium-level security issue. Passwords being leaked internally is a far better scenario than them being leaked externally and used by some third party to gain data in an unauthorized manner. However, the situation still raises more questions than it answers.
You can also observe the leniency of Twitter in this regard by noticing that the message that pops up on your browser when you access the page also gives you the option to skip changing the password. It furthermore assures you that no damage has been done and the experts have successfully fixed the bug.
Now, the question that arises is how did we land in this puddle? What exactly happened to the passwords? Well, how companies store passwords is hard math but let me simplify it for you.
Suppose you set your password as Password1234 (don’t set your password as this). Even when you enter this password in your browser while opening the page, the employees of the organization will see it as a string of numbers and letters rather than as the actual password. This process is called hashing, and the jumbled version of your password is termed a hashed password. Because hashing makes your password appear as a jumbled set of numbers and letters, it prevents the person on the other side from stealing it. Hashing is indeed a great way to ensure an individual’s privacy and security.
What Twitter has revealed is that it did store the passwords of people in an ‘unmasked’ manner in some parts of its database. Yes, this means that if someone was able to break into Twitter’s databases, stealing your password would have been as easy as copying and pasting. You don’t need to be worked up about it for now because Twitter has reassured all of its users that no one inside or outside the organization engaged in this malpractice.
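How hashed storage differs from the “unmasked” storage described above, as an added example that is not Twitter's code or part of the original article. It assumes PBKDF2-HMAC-SHA256 from Python's standard library, a constructed record format and hypothetical function names.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor for this example

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record: scheme$iterations$salt_hex$hash_hex."""
    salt = salt if salt is not None else secrets.token_bytes(16)  # per-user salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Re-derive the hash from the login attempt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
        )
        return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))
    except ValueError:  # malformed or truncated record
        return False

def exposed_in_dump(password: str, stored_values: Iterable[str]) -> bool:
    """True if someone holding a copy of the stored values can read the password."""
    return any(password in value for value in stored_values)

if __name__ == "__main__":
    password = "Password1234"  # the article's example; constructed sample input
    unmasked_store = {"alice": password}               # the faulty case: stored as typed
    hashed_store = {"alice": hash_password(password),  # the intended case
                    "bob": hash_password(password)}    # same password, different salt
    print("unmasked copy reveals password:", exposed_in_dump(password, unmasked_store.values()))
    print("hashed copy reveals password:  ", exposed_in_dump(password, hashed_store.values()))
    print("records differ per user:       ", hashed_store["alice"] != hashed_store["bob"])
    print("correct login accepted:        ", verify_password(password, hashed_store["alice"]))
    print("wrong login rejected:          ", not verify_password("password1234", hashed_store["alice"]))
```

The login check never needs the stored password itself: it repeats the derivation on what the user typed and compares the results, which is why nothing readable has to be kept.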
Here, the questions that remain unanswered are: what exactly happened to the passwords? What happened to the process of hashing? We have no idea how many people at Twitter could see the unencrypted passwords in the first place or, even worse, who could see them, because deciding who gets access to such crucial data is Twitter’s internal policy. Twitter has reassured users, however, that no one has been able to access the passwords in an unauthorized manner. Moreover, though we know about the ongoing bug at Twitter, none of us has any idea how long the passwords were exposed.
Twitter has further gone on to advise people to take these four steps to protect their accounts now and in the future –
- Change your password on Twitter as well as on any other service where you may have used the same password. It is not advisable to keep all your eggs in one basket. You should avoid using the same password for all your social media accounts.
- Now, set a secure password for Twitter. Don’t reuse the same password for your other social media accounts. The password should be nowhere close to your personal information like birthday and anniversary.
- Enable two-factor authentication. This way, even if someone does get access to your password, they will not be able to break into your account, because a message with the OTP will be sent to the authorized mobile number or email ID to confirm whether it was you who was trying to access your account from a different platform.
- These days password managers are available for free on the internet. Do utilize their services. They will help you in ensuring that you have set robust, secure and unique passwords for all your accounts.
Personally, I would suggest that you not take the reassuring promises of Twitter at face value; go ahead, put in a little bit of effort and change your passwords. It would be silly to ignore this vital information, especially after the most popular social media platform, Facebook, has found itself stuck in the Cambridge Analytica data leak scandal. Remember, “Precaution is always better than cure”. It is pretty unusual for a company with such goodwill to make such a big mistake. Questions are being raised, and Twitter has been put under public scrutiny. However, for now, the organization has refused to provide any further technical information on the issue.