Twitter users need to make sure that their passwords are at least 15 characters long to ensure a reasonable level of security says IT security company, MWR InfoSecurity.
The warning follows an attack on Twitter at the weekend that saw personal details stolen from as many as 250,000 users.
Ian Shaw, Managing Director of MWR InfoSecurity, said: “The single most significant thing users can do to protect their credentials on websites such as Twitter is to have a long enough password so that if the site is compromised, it is not possible to crack the password. For example 15 characters at least to include both words and numbers.”
Shaw said: “Users are often encouraged to have a short and complex password. It is much better to have a long and memorable pass phrase which will make it harder for the hackers.”
“However, the greatest exposure to a user is that if they have a password that is compromised, it is not being used on other sites. We would recommend that different passwords are always used on different sites and that they are all of a reasonable length. This is sometimes challenging but we would recommend that they use password storage software like KeePass to assist the process.”
Shaw added: “There is no information that I am aware of regarding who hacked Twitter. It’s my understanding that the hack took place through the Twitter application processing interface (API) and was most likely a result of application level security vulnerabilities within the API.”