Bug Found in Twitter Code – Time to Change Passwords

It has become ridiculous – every second or third month, news comes out of Silicon Valley about a new data breach on some company's servers that has affected millions of users, followed by a request to quickly change your login credentials. People are getting tired of changing passwords every second week. This time it is Twitter’s turn – the popular social networking company started sending email messages to all of its 330 million users about a bug found in its code, telling everyone to change their passwords to stay secure.

The well-known safe practice for storing user login passwords on servers is to store them only after hashing. This means that your password is never stored in plain text; instead, the server computes a hash of your password and stores only that hash. A hash is a unique long alphanumeric string calculated from your plain-text password using algorithms like SHA1 and MD5. The next time you try to log in, the server hashes the password you entered and compares the result with the hash stored on its servers. The beauty of this method is that even if someone finds the stored hashes on the server, they cannot find your password, because hashing algorithms are one-way functions – hashes cannot be decrypted.

Twitter Change Password

Apparently Twitter was not following this well-known approach to storing user passwords – they were storing both the hashes and the plain-text passwords. This was found out earlier this month and corrected, and now it's up to you, the Twitter user, to change your password to make sure that your account stays safe. You can do this simply by visiting https://www.twitter.com/settings/password.
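The store-only-the-hash flow described above, and a check for the failure where a plain-text copy sits beside the hash, as an added example (not Twitter's code). It uses PBKDF2-HMAC-SHA256 from Python's standard library, a salted and deliberately slow password hash, instead of a bare SHA1 or MD5 digest; the record field names, the work factor and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware
STORED_FIELDS = {"salt", "iterations", "hash"}  # all the server needs to keep


def hash_password(password: str) -> dict:
    """Build the record stored at sign-up: a random salt and the derived hash."""
    salt = secrets.token_bytes(16)  # per-user salt: equal passwords, different hashes
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify_password(candidate: str, record: dict) -> bool:
    """Login check: re-derive the hash from the typed password and compare hashes."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        candidate.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest.hex(), record["hash"])  # constant-time compare


def extra_fields(record: dict) -> set:
    """Return fields beyond salt/iterations/hash, e.g. a plain-text copy of the password."""
    return set(record) - STORED_FIELDS


# Constructed sample records, not real accounts or passwords.
good = hash_password("correct horse battery staple")
bad = dict(hash_password("hunter2"), password="hunter2")  # hash AND plain text stored

if __name__ == "__main__":
    print("right password accepted:", verify_password("correct horse battery staple", good))
    print("wrong password rejected:", not verify_password("Correct horse", good))
    print("unexpected fields in good record:", extra_fields(good))
    print("unexpected fields in bad record:", extra_fields(bad))
```

Running `extra_fields` over every stored record flags any account whose row still carries more than the salt, work factor and hash.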

You should use a strong password for all of your online accounts. For this, you can use our in-house tool PassGen or Norton’s Password Generator tool from https://my.norton.com/extspa/idsafe?path=pwd-gen. For added security, Twitter is advising that you enable two-factor authentication by adding your mobile number to your Twitter account, which is certainly a good idea.