Twitter said last week it discovered a bug that stored passwords in an internal log in plain text, without the usual encryption. Though Twitter says there’s no indication that anyone has stolen or misused those passwords, the company is recommending a change as a precaution.
Here are some tips on coming up with a new password and safeguarding your account — even if your password is compromised.
Don’t even think of using “password” as your password. Picking any common word as your password should be avoided because it’s easily guessed using software that tries out every word in the dictionary.
However, you can get a good password by combining two or more words, such as “rocketcalendar.” Sprinkle in some numerals and punctuation marks, and make some of those letters in caps, and you’ve got a strong password. So “rocketcalendar” becomes “rocket44!calendaR.” (But don’t use that one; the fact that it’s in this article means hackers probably already have it in their databases.)
Some services will even require your passwords to have certain characteristics. As you type a new password on Twitter, the service will tell you whether it’s “Too Obvious” or “Weak.” Go for “Very Strong.”