If you’re a Twitter user, you probably saw the alert advising you to change your password. Take it seriously.
The social media platform revealed this month that a bug in the systems left all Twitter passwords exposed in an internal log. Now, there’s no indication that this log was breached or misused, but “out of an abundance of caution,” Twitter says you should consider changing your password.
Beyond taking that step, Twitter has additional advice for you—tips that really applies in every data breach situation:
1. Change your password. For Twitter AND on any other service where you use the same password.
2. Use a strong password that you don’t reuse on other websites.
What makes a strong password? The Federal Trade Commission advises using passwords with at least 12 characters with upper and lower case letters, numbers, and symbols. They also advise you to avoid common words, phrases, or information.
3. Enable login verification, also known as two-factor authentication. Twitter says this is the single best action you can take to increase your account security.
Reminder: Two-factor authentication requires a password and an additional piece of information to log in to your account. For example, the second piece could be a code sent to your phone. This effectively adds another layer of security because even if someone gets your password, they still can’t log in.
4. Use a password manager. They’re a great way to make sure you’re using strong, unique passwords everywhere. The Federal Trade Commission agrees. Given how difficult it can be to keep track of unique and strong passwords, a password manager can store them for you. This not only makes your life easier, but also makes it more likely you’ll use great passwords.