Social networking site, Twitter has urged its 336 million users to immediately change their passwords after the company discovered a bug that stored passwords in plain text in an internal system.
However, the company said it had fixed the problem and had seen "no indication of breach or misuse”, but it recommended users consider changing their password on Twitter and on all services where they have used the same password "as a precaution”.
In a blogpost by Twitter’s chief technology officer, Parag Agrawal apologised for the mishap and urged users to change their passwords.
"We are very sorry this happened "We recognise and appreciate the trust you place in us, and are committed to earning that trust every day.”
"Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
Agrawal advises people to change their passwords to enable two-factor authentication on their Twitter account and use a password manager to create strong, unique passwords on every service they use.
Companies with good security practices typically store user passwords in a form that cannot be read. In Twitter’s case, passwords are masked through a process called hashing, which replaces the actual password with a random set of numbers and letters that are stored in the company’s system.
How to create the perfect password
I hope you are not the kind that have ‘1,2,3,4,5,6,7’ as your password. Also, avaoid using single words as your password.
So, what is the best way to protect yourself?
Any security expert will advise you that a password should have a minimum of 12-14 characters. Apparently, a 14-character password could take 811 trillion guesses to crack.
You can also use a passphrase and not a password. For Example, if my password is ‘TheNewTimes’, I could instead use ‘IEnjoyTheNewTimes’ and I assume this would take all hackers around the world ages to crack it.
It’s also advisable to have a different password for every site that you visit. This makes you protected when one of the sites you visit experiences a situation like the one at Twitter.