Don't Give Others Your Twitter Password

As Twitter has become better at shutting down malicious apps, we've seen more of the bad guys asking users for their Twitter passwords. Once they have your password they are able to seize control of your account for their own purposes. This can cause huge damage to your account and can often be irreparable.

Under no circumstances should you ever give anyone your Twitter password, or the verified phone number on the account. If a website has asked you for your password after signing you up to their service, or after taking payment from you, then they are clearly trying to deceive you - especially if they did not inform you beforehand that they would be requiring your password.

Why Is It Bad

Any website or app that is asking for your actual password is doing so because Twitter has blocked them from integrating directly as an authorized app. This is because they are usually doing bad things to your account, such as:

• Posting tweets without your permission
• Sending DM's to your followers
• Stealing your personal data
• Aggressively following and unfollowing others
• Spreading viruses and holding you to ransom
• Hacking your other accounts
• Engaging in identity theft
• Selling actions made in your account to others
• Selling your twitter account
• Changing your email and password (locking you out)
• And the list goes on...

At a minimum your account will usually be locked by Twitter when the operator starts to perform actions in it (you will usually be able to unlock it). Unfortunately, in many instances your account is likely to be suspended, or possibly even stolen and lost forever. In some cases you may even face legal jeopardy if they break the law with it.

How To Secure Yourself (Again)

If you have given your password out then you will need to take action quickly to protect yourself. In a nutshell, this is what you need to do:

• Change your password
• Log out all devices
• Review your apps
• Set up login verification (with a phone)
• Look for actions you didn't make

You can change your Twitter password on the settings page.

Next you should head down to the apps and devices tab and click the 'Log out all' link. This will log the bad guys out of your account.

On that same page you should take the time to review all the apps that you have connected to your Twitter account. If there are any you don't recognize or trust, then revoke their access. You should see twiends.com in that list. Needless to say we hope you'll keep us connected, but feel free to revoke access if you are not using twiends.

On the account tab you should look to add login verification using your phone. This means that Twitter will send you a code when you try to log in. It's just an extra layer of security for your account. You may need to add your phone number first if you have not already done this.

Finally, you should take some time to scan through your recent tweets and DM's to see if there are any suspicious posts you did not make yourself. If you find any then delete them. You should also check your recent likes and retweets.

Stop The Bad Guys

Now that your account is secure again you need to try and recover any money you paid to the bad guys. If someone asked you for your Twitter password in order to promote your account, then it is likely they asked you for a PayPal or card payment at the same time. In order of preference you should look to do the following:

• Ask them for refund (they may or may not comply)
• File a PayPal dispute
• File a chargeback with your bank

If you paid via PayPal then you can use their dispute resolution process to recover your payment. Otherwise if you paid via a card then you can definitely ask your bank to cancel the payment via a chargeback. If their service is legitimate and they are not breaking any of the rules then you may have a tough time getting your money back, but if they are asking for your password and breaking rules then you may have a strong case.

Use 'Sign In With Twitter'

The recommended way to authorize an app is to use Twitter's sign in capability. Apps that use this capability need to be authorized by Twitter and do not require that you divulge your password to others.

Summary

The golden rule is never to give out your Twitter password and only to ever use 'Sign In With Twitter' to connect to apps you trust. If you have already given out your password then follow the steps in this article to take back control of your account today. Finally, recover your funds from those that have asked you for your password and stay clear of their 'services' in the future.