Twitter Wants You to Change Your Password, So Here’s How
Twitter wasn’t hacked, but it really really really wants you to change your password.
Yesterday, Twitter urged all 336 million of its users to change their passwords. This notification came after the service had found and fixed a “bug” that stored user passwords internally without adequate security.
The social media giant didn’t reveal how many user passwords may have potentially been compromised or how long the bug had been exposing passwords before it was found/fixed – but every account got the change notification, so clearly it’s an issue.
“We recently found a bug that stored passwords unmasked in an internal log,” Twitter tweeted. “We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password.”
— Twitter Support (@TwitterSupport) May 3, 2018
Twitter said that users should change their passwords, both on the site itself and anywhere else they may have used the same password, which includes third-party apps like Twitterrific and TweetDeck. As such, here are some how-to details:
Password Reset
The alert/notification you received yesterday links directly to Twitter’s password reset page – follow it.
Or
You can also change your password by going to Settings and Privacy -> Change Password on Twitter’s website. You can also go to Settings and Privacy -> Account -> Change Password on the mobile app. You will need to enter your existing password, then a new password twice.
Make sure to change your password on Twitter and on any other service where you may have used the same password. Use a strong password that you don’t reuse on other websites.
Enable Login Verification
Twitter really wants you to enable login verification, also known as two-factor authentication.
Two-factor authentication is a setting offered on most major services, including social media, email and financial accounts. Turning it on means even if someone does have your password, they can’t access your accounts without a second piece of information, like a code texted to your phone. It’s annoying, but it’s also great. According to Twitter, “this is the single best action you can take to increase your account security.”
Twitter’s login verification/two-factor authentication setting is under Account -> Security in your Twitter settings. Select “Verify login requests,” and you will have to enter a second piece of information each time you log in. Twitter will send a code to your phone over SMS or to an authenticator app.
Manage Those Passwords (because they are impossible to remember at this point)
Use a password manager to make sure you’re using strong, unique passwords everywhere.
Since the best passwords should be difficult-to-downright-impossible to remember, consider using a password manager like 1Password or LastPass. Password managers are applications that can generate long, unique passwords for every service you use, and remember them all so you don’t have to.
Though uneven in its policy enforcement and certainly in the midst of wider change, Twitter is still one of the most adult-friendly and widely used social networks. This is worth paying attention to.