Hi there,
Today I decided to create a thread on how to secure Twitter accounts, since I have a lot of experience with this social network and I think I can help you all secure your OG usernames and accounts as much as possible.
This thread will be divided into different points, listed in the following index:
1.- What's the OGE of a Twitter Account? Where can I find it? Is it really important?
2.- How Twitter Support works internally regarding the recovery of a hacked account. Tips for recovery.
3.- Multi Factor Authentication, Two Step Factor Authentication, security methods...
4.- OGE domains: what's better? Which email provider should I use on Twitter?
5.- Regarding phone numbers. Devices (computer, phones, many others...).
6.- Twitter emails: good to know information and links.
7.- Passwords.
8.- About swapping your OG username. Types of usernames (swappable or not)...
9.- Tips for OG usernames that have less than 5 characters.
10.- Sessions on Twitter. Applications. History access.
11.- Extras.
1.- What's the OGE of a Twitter Account? Where can I find it? Is it really important?
The OGE (also known as Original Email) is the email used to register your Twitter account. We should always buy an account with this email included, since without it we can lose the username at any time.
We can find the original email in the archive of our Twitter account. Normally, this file is accessible after being requested. It takes between 1 and 3 days to be able to download it.
A few tips to determine if the email provided by a seller is actually the OGE:
1. We can ask for a screenshot with the timestamp of when the account was created:
Then we can just compare the timestamp with the month and year of creation of the account.
2. Alternatively, we can request the account file (archive) from the seller. This is not very reliable as anyone can manually modify the HTML or JS code in the file.
If the seller doesn't have the archive, or you just want to check whether it's actually the OGE or not, you should request the archive after you buy the account (or while the MM is holding funds until you have actually checked it).
P.S. The Twitter archive should look like this:
Be careful!
Sometimes email providers like Hotmail (or Outlook) remove inactive email addresses after 1-2 years, so accounts have an unregistered OGE. You should check the archive and then determine whether you are able to recreate the OGE or not.
In conclusion, we can determine that the original email is important for our account.
2.- How Twitter Support works internally regarding the recovery of a hacked account. Tips for recovery
My long experience with Twitter Support has been kinda bad. Normally the basic support offered by Twitter is automated and its responses are based on direct inquiries to its panel, so an agent will very rarely attend any ticket.
For this reason, it is always advisable to have the original email of the account and to keep as much detail as possible in case the account is lost. Every user who buys a Twitter account must have the following information written down in a notepad or a safe place:
1. What emails have you had associated with your account?
2. What phone numbers have you had associated with your account?
Also if something happens:
3. How did your account get hacked/lost?
4. When was it hacked/lost?
All these questions can be answered by checking the Twitter archive of your account.
Personally, I recommend that you insist and open multiple tickets in case you receive a negative response from Twitter. Normally, when I insisted for long months, I recovered accounts that I had considered lost. Of course, that was with the original email.
3.- Multi Factor Authentication, Two Step Factor Authentication, security methods...
Any OG Twitter owner should check and disable the old multi-factor authentication. After having done so, you must set up your own.
To configure our MFA (2FA) we must visit the following links:
1. In the following link we can see the different security options. For now we are only interested in the marked one.
https://twitter.com/settings/security_and_account_access
2. In the following link we can configure the different two-factor authentication options.
https://twitter.com/settings/security
We have to enable the option Password reset protect. This adds extra security against mass mailing and requires prior verification of the associated email when resetting our password.
In the following image we will see the different options that we have to verify our identity once we log in:
Personally, I only recommend turning on verification via Authenticator app. Alternatively, you can enable the option Security key in case you have one, for example: Yubico.
I do not recommend enabling text message authentication as it is susceptible to SIM Swapping attacks.
4.- OGE domains: what's better? Which email provider should I use on Twitter?
By the domains of the original emails we mean the email providers. Normally we will find ourselves in one of the following cases:
- Gmail: Probably one of the least secure options. The user who sells a Twitter account that has actually created this email can recover it with complete ease. This recovery is based on the recent linked devices and obviously on a specific period of time to be able to do this process. In most of the cases, the original email will be a Gmail, so we are all really exposed to this issue.
- Outlook: Personally, it is the safest option although there is nothing safe in this community. The reasons are simple: Outlook offers fewer recovery options than Gmail. Gmail is ineffective due to their non-existent support. We may also recreate the original email after a reasonable downtime.
- Custom domains: This option is also safe, but it depends on how we handle it. We will always have to own the domain, transferring it to a trusted host and always keeping it renewed.
- Others (e.g. Yahoo, Mail.com, GMX...): They may be safe options but personally, I don't know how their support works. This depends on you.
If we want to change the original email of the account to our own we will be able to do so as long as we use a trusted provider listed above.
If your user is very valuable, I recommend using several authentication factors even in the recovery linked emails and in the original email. See the provider FAQ for more information about their 2FA.
5.- Regarding phone numbers. Devices (computer, phones, many others...)
Honestly, no one should link their phone number to their Twitter account. But there are certain exceptions that I would like to comment on.
1. The first of these is that it offers us better security against possible ban waves. Normally a Twitter account without an associated phone number is susceptible to temporary and even permanent locks.
2. If you think your account is not valuable enough, do so. Also make sure to use a phone number whose provider is safe from possible SIM Swapping attacks.
In general, for high value usernames (OG usernames) I would not recommend linking a phone number to the account, not only for the reasons explained, but also because of the possible loss of value of the account when selling it.
On the other hand, I do not recommend linking a mobile device to a Twitter account. This means that we should not log in from the Twitter application, since our device will be automatically linked to the account forever. Use any mobile browser like Safari or Chrome (preferably in incognito mode).
Tweeting from a computer shouldn't be a problem.