Divine
Hi there,
Today I decided to create a thread about how to secure Twitter accounts, since I have a lot of experience with this social network and I think I can help you all secure your OG usernames and accounts as much as possible.
This thread is divided into the points listed in the following index:
1.- What's the OGE of a Twitter Account? Where can I find it? Is it really important?
2.- How Twitter Support works internally regarding recovering a hacked account. Tips for recovery.
3.- Multi Factor Authentication, Two Step Factor Authentication, security methods...
4.- OGE domains: what's better? Which email provider should I use on Twitter?
5.- Regarding phone numbers. Devices (computer, phones, many others...).
6.- Twitter emails: good to know information and links.
7.- Passwords.
8.- About swapping your OG username. Types of usernames (swappable or not)...
9.- Tips for OG usernames that have less than 5 characters.
10.- Sessions on Twitter. Applications. History access.
11.- Extras.
1.- What's the OGE of a Twitter Account? Where can I find it? Is it really important?
The OGE (also known as Original Email) is the email used to register your Twitter account. We should always buy an account with this email included since it can mean the loss of the user anytime.
We can find the original email in the archive of our Twitter account. Normally, this file is accessible after being requested. It takes between 1 and 3 days to be able to download it.
A few tips to determine if the email provided by a seller is actually the OGE:
1. We can ask for a screenshot with the timestamp of when the account was created:
Then we can just compare the timestamp with the month and year of creation of the account.
2. Alternatively, we can request the account file (archive) from the seller. This is not very reliable as anyone can manually modify the HTML or JS code in the file.
If the seller doesn't have the archive or you just want to check if it's actually the OGE or not you should request the archive after you buy the account (or just when the MM is holding funds until you actually check it).
P.S. The Twitter archive should look like this:
Be careful!
Sometimes email providers like Hotmail (or Outlook) remove inactive mails after 1-2 years so accounts have an unregistered OGE. You should check the archive and then determine whether you are able to recreate the OGE or not.
In conclusion, we can determine that the original email is important for our account.
2.- How Twitter Support works internally regarding recovering a hacked account. Tips for recovery
My long experience with Twitter Support has been kinda bad. Normally the basic support offered by Twitter is automated and its responses are based on direct inquiries to its panel, so an agent will very rarely attend any ticket.
For this reason, it is always advisable to have the original email of the account and have the greatest detail for a possible loss of the account. Every user who buys a Twitter account must have the following information written down in a notepad or a safe place:
1. What emails have you had associated to your account?
2. What phone numbers have you had associated to your account?
Also if something happens:
3. How did your account get hacked/lost?
4. When was it hacked/lost?
All these questions can be answered by checking the Twitter archive of your account.
Personally, I recommend you to insist on opening multiple tickets in case you receive a negative response from Twitter. Normally when I insisted for long months I have recovered accounts that I considered lost. Of course, having the original mail.
3.- Multi Factor Authentication, Two Step Factor Authentication, security methods...
Any OG Twitter owner should check and disable the old multiple factor authentication. After having done so, you must establish your own.
To configure our MFA (2FA) we must visit the following links:
1. In the following link we can see the different security options. For now we are only interested in the marked one.
https://twitter.com/settings/security_and_account_access
2. In the following link we can configure the different double authentication options.
https://twitter.com/settings/security
We have to mark the option Password reset protect. This enables extra security to avoid mass mailing and requires prior verification of the associated email when resetting our password.
In the following image we will see the different options that we have to verify our authenticity once we log in:
Personally, I only recommend turning on checking via Authenticator app. Alternatively, you can enable the option Security key in case you have one, for example: Yubico.
I do not recommend enabling text message authentication as it is susceptible to SIM Swapping attacks.
4.- OGE domains: what's better? Which email provider should I use on Twitter?
By the domains of the original emails we mean the email providers. Normally we will find ourselves in the following cases:
- Gmail: Probably one of the least secure options. The user who sells a Twitter account that has actually created this email can recover it with complete ease. This recovery is based on the recent linked devices and obviously on a specific period of time to be able to do this process. In most of the cases, the original email will be a Gmail, so we are all really exposed to this issue.
- Outlook: Personally, it is the safest option although there is nothing safe in this community. The reasons are simple, Outlook offers fewer recovery options than Gmail. Gmail is ineffective due to their non-existent support. We may also recreate the original email after a reasonable downtime.
- Custom domains: This option is also safe, but it depends on how we handle it. We will always have to own the domain, transferring it to a trusted hosting and always keeping it renewed.
- Others (f.e Yahoo, Mail.com, GMX...): They may be safe options but personally, I don't know how their support works. This depends on you.
If we want to change the original email of the account to our own we will be able to do so as long as we use a trusted provider listed above.
If your user is very valuable, I recommend using several authentication factors even in the recovery linked emails and in the original email. See the provider FAQ for more information about their 2FA.
5.- Regarding phone numbers. Devices (computer, phones, many others...)
Honestly, no one should link their phone number to their Twitter account. But there are certain exceptions that I would like to comment on.
1. The first of these is that it offers us better security against possible ban waves. Normally a Twitter account without an associated phone number is susceptible to temporary and even permanent locks.
2. If you think your account is not valuable enough, do so. Also make sure to use a phone number whose provider is safe from possible SIM Swapping attacks.
In general, for high value usernames (OG usernames) I would not recommend linking a phone number to the account, not only for the reasons explained, but also because of the possible loss of value of the account when selling it.
On the other hand, I do not recommend linking a mobile device to a Twitter account. This means that we should not log in from the Twitter application since our device will be automatically linked to the account forever. Use any mobile browser like Safari or Chrome (preferably in incognito mode).
Tweeting from a computer shouldn't be a problem.
Divine
6.- Twitter emails: good to know information and links
In some emails we are offered certain links of interest. Especially one of them, the aforementioned "Not my account".
What this special link causes is the unlinking of the current email. This link can help us change our email safely with a lower risk of getting our account locked. Personally, I've been using it since 2015 and 2016 to change emails on verified accounts susceptible to get locked just because they were verified.
Be careful!
This link is only valid for about 24hrs. Keep this in mind when selling or buying an account.

7.- Passwords
The best password is the one that you wouldn't even be able to remember. For this reason, we have to use password generators and managers.
A list of examples of free services we can use:
- LastPass: It offers a password generator, you could add more random letters and characters to the password just in case you don't feel safe about it.
- iCloud
- KeePass
- Others
8.- About swapping your OG username. Types of usernames (swappable or not)...
Before swapping your Twitter username you have to know the following:
1. There are Twitter users who are blacklisted. Despite having five or more characters you will not be able to swap them.
2. Users with four characters or less are not swappable.
3. If your user has more than five characters and you can swap them you will have to contact someone appropriate to do so (f.e @yani personally, the most trusted swapper).
To check if your user is blacklisted I recommend using a Discord bot that is capable of checking it. By boosting the Kingz official Discord server you can do this.
9.- Tips for OG usernames that have less than 5 characters
Users with less than 5 characters are more susceptible to get locked or suspended. Therefore, I drop here a list of tips that have also been discussed throughout the thread:
1. Always write down the emails used in your account in a safe place. As well as phone numbers.
2. If you don't have the original email, always ask for the Twitter file. This will give you more usable information.
3. Properly protect associated emails with 2FA/MFA.
These are tips that seem very common and typical. But believe me, this is what people usually fail at.
10.- Sessions on Twitter. Applications. History access
After buying a Twitter account, you should check the open sessions and the applications associated with the account. This can be done through the following steps:
1. Visit the following link: https://twitter.com/settings/security_and_account_access
2. First, we can look around Apps and sessions here: https://twitter.com/settings/apps_and_sessions
We have four options to dig into:
- Connected apps: These are the applications that have been connected to your account. These allow partial or complete access. They should all be revoked like so:
- Sessions: These are the open sessions in our account. Normally if we change the password all these are revoked, but for security it is recommended to check it and log out of all sessions.
- Account access history: This is the history of access to our account. We can look into this to see the IP addresses logged among more information.
- Logged-in devices and apps: The last option refers to the possible devices that Twitter uses to improve 'your experience'. It is recommended to disable this option.


11.- Extras
1. You should know from which IP address and country your account has been created. To do so look into your account settings and save this information:
2. You should also know which is the country of creation of the account.
3. I recommend that you not talk about weird things in private messages. You can easily report them with 1 click and Twitter actually checks them. Avoid potential issues with Twitter such as a potential lock or suspension.
4. If your user is very valuable I recommend changing your account to private.
5. Do not change your profile picture, header, among other personalization features too much.

Shout out @p (the homie), @yani and @faiq (past guides and their entire experience with Twitter).
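
Sections 2, 10 and 11 rely on reading the account archive for the email history, access history and creation date. The Python sketch below is an added example, not part of the original post: it assumes the archive's data files use a `window.YTD.<name>.part0 = [...]` wrapper with the file and field names shown, and it runs on constructed sample data.

```python
import json
import re
from datetime import datetime

# Constructed sample data. File names, the "window.YTD.<name>.part0 =" wrapper
# and the field names are assumptions about the archive layout.
SAMPLE_ARCHIVE = {
    "account.js": 'window.YTD.account.part0 = [{"account": {'
        '"email": "new@example.org", "createdAt": "2009-03-14T10:22:05.000Z"}}]',
    "email-address-change.js": 'window.YTD.email_address_change.part0 = ['
        '{"emailAddressChange": {"emailChange": {"changedAt": "2021-06-01T08:00:00.000Z",'
        ' "changedFrom": "mid@example.net", "changedTo": "new@example.org"}}},'
        '{"emailAddressChange": {"emailChange": {"changedAt": "2015-01-20T12:30:00.000Z",'
        ' "changedFrom": "first@example.com", "changedTo": "mid@example.net"}}}]',
    "ip-audit.js": 'window.YTD.ip_audit.part0 = ['
        '{"ipAudit": {"createdAt": "2021-06-02T09:00:00.000Z", "loginIp": "198.51.100.7"}},'
        '{"ipAudit": {"createdAt": "2021-06-03T09:00:00.000Z", "loginIp": "203.0.113.9"}},'
        '{"ipAudit": {"createdAt": "2021-06-04T09:00:00.000Z", "loginIp": "198.51.100.7"}}]',
}

def load_ytd(text):
    """Strip the JavaScript assignment prefix and parse the JSON array after it."""
    match = re.match(r"\s*window\.YTD\.\w+\.part\d+\s*=\s*", text)
    if not match:
        raise ValueError("not a window.YTD data file")
    return json.loads(text[match.end():])

def records(files, name, key):
    """Inner records of one data file, or [] when the file is missing."""
    return [item[key] for item in load_ytd(files[name])] if name in files else []

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")

def audit_archive(files):
    """Summarise email history and login IPs, and list internal inconsistencies."""
    account = records(files, "account.js", "account")[0]
    changes = sorted(
        (r["emailChange"] for r in records(files, "email-address-change.js", "emailAddressChange")),
        key=lambda c: parse_ts(c["changedAt"]))
    problems = []
    # Oldest to newest, every change must start from the address the previous one set.
    for prev, cur in zip(changes, changes[1:]):
        if prev["changedTo"].lower() != cur["changedFrom"].lower():
            problems.append("gap in email chain at " + cur["changedAt"])
    if changes and changes[-1]["changedTo"].lower() != account["email"].lower():
        problems.append("last change does not lead to current email")
    if any(parse_ts(c["changedAt"]) < parse_ts(account["createdAt"]) for c in changes):
        problems.append("email change dated before account creation")
    first = changes[0]["changedFrom"] if changes else account["email"]
    return {
        "created": account["createdAt"][:7],          # year-month, for comparison
        "earliest_email": first,                      # earliest address on record
        "emails": [first] + [c["changedTo"] for c in changes],
        "login_ips": sorted({r["loginIp"] for r in records(files, "ip-audit.js", "ipAudit")}),
        "problems": problems,
    }

if __name__ == "__main__":
    print(json.dumps(audit_archive(SAMPLE_ARCHIVE), indent=2))
```

An empty `problems` list only shows that the files agree with each other; since the files can be edited by hand, the result is meaningful only for an archive you requested yourself.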