How to keep your account from getting hacked
open allWhat for: So you don’t get hacked.
If you use a short and simple password, cybercriminals can guess it and hijack your account. A long and complex password is more secure. Use a strong password that:
- Is at least 8 characters long;
- Contains lowercase and uppercase letters, numbers, and special characters ($, @, etc.);
- Is not an actual word or easy-to-guess phrase;
- Is not the same as your passwords for any other accounts;
- Does not consist of information that strangers could easily find out (your name, date of birth, pet's name, and so forth — or those of your friends or relatives).
To change your password:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Account;
- Tap Password;
- Enter the current password for your X(Twitter) account;
- Enter a new strong password twice;
- Tap Update password.
What for: So you definitely don’t get hacked.
X(Twitter) can prompt you to enter an additional one-time code every time you log in to your account. If cybercriminals attempt to hack your account, they will not be able to log in without this code. The code can be received in different ways: via a text message (SMS) or using an authentication app.
To enable two-factor authentication:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Account;
- Tap Security;
- Select Two-Factor Authentication;
- Select the authentication method:
- Text message — receive a one-time code via SMS;
- Authentication app — a one-time code is generated in a dedicated app such as Authy or Google Authenticator;
- Security key — a one-time code is generated using a USB, Bluetooth or NFC authorization device such as YubiKey;
- Follow the on-screen instructions;
- When two-factor authentication is enabled, you will see a dialog box with a one-time backup code. Copy it and store it in a safe place. You need this code to access your account if you lose your phone. Note that you can log in using the backup code only in the Web version of X(Twitter).
You can get the code later by selecting Backup code in the Additional methods section.
Downside: If you use SMS-based authentication, X(Twitter) can use the specified phone number for targeted ads.
What for: Not to reveal your main password to third-party services.
Use a temporary password if you use the X(Twitter) account to log in to third-party services. It lets you log in but expires in one hour. Even if the temporary password ends up in the hands of cybercriminals, they will hardly be able to use it in time.
A temporary password can be generated only after two-factor authentication has been enabled.
To generate a temporary password:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Account;
- Tap Security;
- Open Two-factor authentication;
- Tap Temporary password in the Additional methods section;
- Use the generated password to log in.
What for: To make sure that you are the only one who has access to the account.
You can view the history of logins and other activities carried out on behalf of your account. If you detect any suspicious activity, immediately change your password and terminate all active sessions except the current one.
To check the security of your account:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Account;
- Tap Apps and sessions;
- Check your personal data and activity history in the Sessions and Account access history sections.
To terminate all active X(Twitter) sessions except the current one:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Account;
- Tap Apps and sessions;
- Select Sessions;
- Tap Log out all other sessions.
How to keep corporations out of your business
open allWhat for: To use device resources sparingly and hide from cybercriminals.
X(Twitter) detects the approximate location of users based on the IP address. However, the app can also collect information about your precise location so you can geotag your posts and view targeted ads and recommendations. Note that if you once geotag your tweet, all your subsequent posts will be geotagged automatically until you disable this feature.
Transmission of geodata increases traffic usage and drains the battery. Information about your location can also help cybercriminals stage phishing attacks.
Precise location tracking is disabled by default, but we recommend checking this setting.
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Privacy and safety;
- Go to Precise location;
- Clear the check mark next to Precise location.
It is impossible to remove geotags from previously published tweets in the Android app. To do so, follow instructions for the web version.
Downside: Third-party services can also geotag your tweets and do not always warn you explicitly.
What for: To minimize the risk of a leak.
X(Twitter) can collect information about your behavior, preferences, interest, and location, as well as other data. You cannot block access to the basic account info. This includes the name of your device, your social network activity and approximate location. This information is used to generate targeted ads and recommendations as well as to form the news feed.
However, X(Twitter) can analyze additional data and info. For example, if you regularly log in to X(Twitter) from your mobile device and visit travel sites on the computer at roughly the same time and both devices are connected to the same network, X(Twitter) can assume that these mobile device and computer belong to you and will begin showing hotel and travel agency ads in the app.
Additional information includes:
- Places you visited and precise geographic coordinates;
- Information about your other browsers and devices, even if you haven’t used them to log in to X(Twitter);
- Information about e-mail addresses and phone numbers that are not linked to X(Twitter) but may belong to you;
- Online browsing history;
- History of views and your interests.
Some of this information is provided by partners of the service. X(Twitter) itself can also share it with third parties. By default, the social network does not collect extended information, but we recommend checking the settings anyway.
To stop the app from collecting and using personalized information:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Privacy and safety;
- Go to Personalization and data;
- Turn off the toggle switch in the upper part of the screen.
Keep in mind that this does not disable content personalization: X(Twitter) will still continue to do this based on available information about you and your device.
What for: So X(Twitter) has less info about you.
X(Twitter) stores data about your behavior, hobbies, and locations. It then uses such data for targeted ads and recommendations. If you are bothered by targeted ads, you can remove this information.
To remove saved data about your interests and location:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Account;
- Tap Your X(Twitter) data;
- In the Interests and ads data section:
- Tap Interests from X(Twitter) and clear check marks next to all items in the list;
- Tap Inferred interests from partners and clear check marks next to all items in the list;
- In the Account history section, select Places you’ve been and tap Remove.
Downside: X(Twitter) can add new information on your interests and preferences based on your social network activity, so we recommend checking this list regularly.
How to defeat spammers and trolls
open allWhat for: To limit unwanted communication.
By default, only users whom you follow can send you direct messages. However, we recommend checking this setting:
- Open your profile by tapping the menu icon in the upper left corner of the screen;
- Select Settings and privacy;
- Tap Privacy and safety;
- Go to Direct Messages;
- Make sure that the Receive message requests toggle switch is turned off.
This will not affect users with whom you have already started chats. To stop them from sending you direct messages, blacklist them.
Companies and developers may send you direct messages requesting your location or access to media files. They use this information to configure recommendations. Note that this information can be shared with third parties, so treat such requests with care.
What for: To keep your peace of mind.
You can stop tweets containing specific words, hashtags, and smiley faces from appearing in your news feed and notifications. This lets you hide unwanted posts.
To configure the filter:
- Open the notification feed (by tapping the bell icon).
- Tap the cogwheel icon in the upper right corner of the screen;
- Go to the Muted words section;
- Select Muted words;
- Tap the icon with the + sign and add the word, tweets with which you want to hide;
- In the Mute from section, chose where to apply the filter: to the home timeline or the notification feed;
- In the Duration section, select for how long the filter should be effective;
- Tap Save.
By default, it is applied forever to both the home timeline and the notification feed. Also keep in mind that the filter is not case sensitive.
What for: To exclude adult and graphic content from the notification feed.
X(Twitter) can filter out content it designates offensive. This feature is disabled by default. However, we recommend checking the settings:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Privacy and safety;
- If Display media that may contain sensitive content is checked, clear the check mark.
Keep in mind that you will still see such content in search results. To stop X(Twitter) from showing it in search results:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Content preferences;
- Open Search settings;
- Set the Hide sensitive content check mark.
What for: Added protection against fraud.
The app for Android does not allow you to stop other users from adding you to teams using TweetDeck. To do so, follow instructions for the web version of X(Twitter).
How to hide posts from unwanted people
open allWhat for: To get rid of unwanted people in the virtual space.
To stop a specific user from viewing your tweets and replying to them or sending you direct messages, you can block this user. The blocked user will not be able to view your profile or contact you.
To block a user:
- Go to the profile of the follower you wish to block.
- Tap the three dots icon in the upper right corner of the screen;
- Select Block;
- Tap Block in the window that opens.
The user will not be notified about getting blocked. However, if they visit your profile, they will see that you blacklisted them. In this case the blocked users can file a complaint against you and view all tweets in which you mentioned them.
You can unblock a blocked user any time (for example, if you blocked the user by mistake):
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Privacy and safety;
- Go to the Blocked accounts section;
- Tap the Blocked button next to the account name to unblock it.
Keep in mind that if one of your followers shares the link to the photo attached to your private tweet, the image will be visible to all recipients.
What for: To avoid running into somebody you don’t wish to see.
Even if you block a user, you will still be able to see his account in search results. To exclude blocked accounts from search results:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Content preferences;
- Open Search settings;
- Select the check mark next to Remove blocked and muted accounts.
How to prevent your personal data from being exposed
open allWhat for: To prevent your contact details from ending up in the hands of cybercriminals in the event of a leak.
X(Twitter) can use your phone contact list to suggest you to follow their accounts. The service also uses contact list information to create targeted ads and form your news feed. This information can be shared with third parties, which increases the risk of leaks.
To disable contact synchronization:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Privacy and safety;
- Go to the Discoverability and contacts section;
- Tap Remove all contacts. This removes data collected by the service and disables contact syncing.
After that X(Twitter) will stop suggesting you to follow the accounts of your friends in your contact list.
Note that even after you disable synchronization, the X(Twitter) app will still have permission to access your contacts. To revoke it:
- Open Settings on the device.
- Go to the Apps & notifications section.
- Tap See all apps and select X(Twitter) in the list;
- Select Permissions;
- Tap Contacts and select Deny.
What for: To see what information X(Twitter) has on you and create a backup copy of important data.
X(Twitter) can generate for you a file with all your profile data. This will let you find out what kind of information the service collects about you as well as save it in case your account gets blocked, removed, or hijacked.
To download the archive with your data:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Account;
- Tap Your X(Twitter) data;
- In the Download archive section, enter the password for your X(Twitter) account;
- Tap Request archive next to X(Twitter) and wait for a notification or e-mail;
- After receiving a confirmation message, tap Download archive next to X(Twitter).
Here you can also download your Periscope account data (if you use Periscope for direct broadcasts in X(Twitter)).
It may take several days to prepare the archive. A download link will be sent to your e-mail address. Note that you may request a data download up to once every 30 days.
What for: To control who has access to information about you.
By default, all X(Twitter) users can tag you in photos. If you get tagged by a person whom you follow, the tweet will appear in your timeline. In this way, your information can become available to strangers. You can block users from tagging your profile when they post images.
To stop other users from tagging you in photos:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Privacy and safety;
- Tap Photo tagging and select Off.
View photos in which you are tagged in the Mentions section in the notification feed (bell icon). If necessary, you can remove the tag:
- Tap the arrow icon to the right of the tweet author's name;
- Select Remove tag from photo;
- Tap Remove again to confirm your selection.
What for: To keep cybercriminals from learning sensitive information.
By default, your posts are visible to everybody, even people who do not have a X(Twitter) account. Information from posts can help cybercriminals stage phishing attacks. You can limit the visibility of your tweets to everybody except approved followers.
To limit access to your posts:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Privacy and safety;
- Turn on the toggle Protect your Tweets.
Now X(Twitter) users who want to read your posts will have to submit a request and wait for your approval.
Previously published tweets will remain public.
Also, people who were among your followers at the time when you made your profile private will continue to see your tweets.
What for: To prevent your personal information from ending up in the wrong hands.
Cybercriminals can use your account data to stage phishing attacks, and X(Twitter) can use it to configure ads and recommendations. You can limit the scope of publicly available information or refrain from specifying your real info.
To change the profile data:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Select Profile;
- Tap Edit profile or Set up profile depending on the button you see:
- After tapping Set up profile, upload as your profile photo any image that makes it impossible to determine that the account belongs specifically to you. You can skip further page configuration steps. Tap View profile, and you will see the Edit profile button;
- After tapping Edit profile, tap your profile photo and upload any image that makes it impossible to determine that the account belongs specifically to you;
- In the Name field, enter an alias;
- Remove data from the fields:
- Bio;
- Location;
- Website;
- Tap your birth date at the bottom of the screen;
- Tap Remove birth date and confirm your selection;
- Then tap Save in the upper right corner of the screen.
What for: To prevent cybercriminals from using such information.
By default, other X(Twitter) users can find your account using your phone number or e-mail address. Information from your profile can help cybercriminals stage phishing attacks, so we recommend disabling this feature.
To stop users from finding your account using your phone number or e-mail address:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Privacy and safety;
- Go to the Discoverability and contacts section;
- Clear check marks next to:
- Let others find you by your email;
- Let others find you by your phone.
Downside: Other users will have a harder time finding your X(Twitter) account.
What for: To minimize the risk of a leak.
If you linked other sites or apps to X(Twitter) (such as apps for finding followers or counting tweets), they can obtain access to your data. In some cases they may also be able to like posts and follow or unfollow accounts on your behalf.
Such sites and apps do not normally inform you explicitly about the specific permissions you grant them.
You can deny third-party apps and sites access to your data in order to rule out any unauthorized activity in your account and lower the risk of data leaks.
To disable access to your account for third-party services and apps:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Account;
- Tap Apps and sessions;
- Select Connected apps;
- Check the list of apps and sites that have access to your profile and block the ones you do not use:
- Tap the right arrow next to the app;
- Select Revoke app permissions.
How to get rid of unwanted notifications
open allWhat for: To avoid distractions.
By default, X(Twitter) sends you notifications about the most interesting activities of other users (in the opinion of the service). If these notifications seem unnecessary, you can stop the app from notifying you about activities of specific user categories, e.g. those who have not confirmed their contact details (spammers often avoid doing this to save time):
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Notifications;
- Set the check mark next to Quality filter;
- Tap Advanced filters and select check marks next to:
- You don’t follow;
- Who don’t follow you;
- With a new account;
- Who have a default profile photo;
- Who haven’t confirmed their e-mail;
- Who haven’t confirmed their phone number.
Downside: The filter does not apply to accounts that you follow or with which you recently interacted.
What for: To avoid distractions.
X(Twitter) can send you push notifications, text messages, or e-mails. Some of the notifications are marketing materials about recommended products, including from X(Twitter) partners.
To stop receiving such notifications:
- Open the menu by tapping the icon in the upper left corner of the screen;
- Go to the Settings and privacy section;
- Select Notifications;
- Go to the Email notifications section and clear check marks next to:
- News about updates to X(Twitter) products and features;
- News about X(Twitter) on partner products and other third-party services;
- Participation in X(Twitter) research surveys;
- Suggestions based on your recent follows.
We recommend reviewing other notification categories and disabling those that you do not want to receive.
Downside: Some notifications may contain information about service features and useful tips on using the platform.