By default, Twitter accounts tweet publicly, so if someone takes control of your account, they can quickly damage your reputation by tweeting obscenities or lies. And if you use your Twitter account to log into other websites, then someone who gains access to your Twitter account gains the keys to those other accounts.
For these reasons, it’s critical that you take the time to set your security and privacy settings on Twitter. Let’s walk through them.
This guide shows the full, desktop version of the Twitter website. The steps will be similar for the mobile website and Twitter apps. The links throughout the guide will take you directly to the pages referenced.
For some settings, I don’t have a recommendation related to security or privacy, so I don’t describe them in this guide. For those, feel free to keep the default, or choose based on your preferences.
Note: this page contains affiliate links. Please see Affiliate Disclosure.
In Twitter, click More on the left side of the screen, then click Settings and privacy. You’ll see a menu with various categories of settings. We’ll go through them in order. Be sure to click the Save changes button at the bottom of each screen.
In the menu, click Account.
Password: Set a long, strong password (20+ characters, with a mix of uppercase, lowercase, numbers, and special characters). I recommend using a password manager, such as LastPass, to create and store your password.
Below the password fields, where it says You have X application[s] with access to your account, click the link to view Apps and sessions.
Review the apps connected to your Twitter account. If there are any that don’t truly need access to your Twitter account, click them, then click Revoke access.
Review the Sessions. If there are any devices that don’t truly need access to your Twitter account, click them, then click Log out the device shown.
Password reset protect: check this box.
Click Login verification. Check the box for Login verification. Check the box for each verification method that you’d like to enable. I recommend Mobile security app with the Authy or Google Authenticator apps. If you have a security key, enable that option (I like the YubiKey – Amazon aff. link). Text messages can be spoofed and intercepted, so it’s better to use the mobile security app or security key options than the text message option.
Click Backup code. Save the backup code somewhere secure; I use the Notes field of the entry in LastPass.
Learn more in How & Why to Use Two-Factor Authentication.
In the Settings menu, click Privacy and safety.
Protect your Tweets: If you don’t need your tweets to be public to the world, check this box. This makes your tweets private, only visible to those whom you approve. This defeats the purpose for which many people use Twitter, but not everyone needs to make their tweets public. Learn more about public and protected Tweets.
Location information > Add location information to my Tweets: I recommend unchecking this, so that you’re not constantly revealing your location. Learn more in Don’t Post About Travel Before or While You’re Away.
Delete all location information: I recommend clicking this to remove location info from your past tweets.
Show read receipts: I like to uncheck this. I’m not a fan of read receipts in any messaging platform, because I don’t like people knowing when I’ve read their message. Not only does it reveal behavioral patterns about when you check messages, it also causes people to judge you based on how quickly you reply.
Display media that may contain sensitive content: Uncheck this if you don’t want to see sensitive media (images, video).
Mark media you Tweet as containing material that may be sensitive: If you tweet images and videos that people could be sensitive to, check this box.
Personalization and data: I recommend clicking this, then toggling Personalization and data to off to limit the amount of data Twitter and other companies collect about you.
In the Twitter menu, click Profile. Below your header photo, click Edit profile.
Edit your Bio, Location, and Website. Think carefully about what info you want to be public.
Next to Birth date, click Edit. I strongly recommend that you click Remove birth date to completely remove it from your profile. If you insist on showing your birthday, set the visibility for Month and day to something other than Public, but leave the year as Only you.
Using Twitter Safely
If you’ve protected your tweets, then they’re only visible to people you approve. When you receive a request, it’s a good idea to verify the person’s identity (that they are the actual owner of the Twitter account, and that they sent you a request). You can do that by asking them in person, or through some other trusted channel that you’ve previously used to communicate with them (email, other social media, text/SMS, phone, etc.). Or you could ask a trusted mutual friend to confirm their identity.
If you use someone else’s device (computer, phone, tablet, etc.) to log into your Twitter account, be sure to log out when you’re finished! Otherwise, the other person can use Twitter as you after you leave.
Some websites let you log in with your Twitter account. Don’t use this option! If someone hacks your Twitter account, they gain access to all the accounts you’ve set up for Twitter login. Yes, it’s more work to create separate logins for each site, but remembering the logins doesn’t take any extra effort if you use a password manager (I like LastPass).
Just as you need to be careful about clicking links in email and other messages, you must be careful about clicking links you receive in Twitter direct messages (DMs).
Regardless of whether your tweets are public or private, be careful what you tweet. I’ve seen people tweet pictures of credit cards and plane tickets, and tweet that they’re on vacation far from home. Be wise about what you share with others. Learn more about the dangers of posting about travel.