Skip to Main Content

Recommended Twitter Settings

This document offers recommendations on Twitter account settings, which will increase privacy and security. It is each user’s decision how private and secure to keep his/her account, and whether to follow these recommendations.

To review your Twitter account settings and make the recommended changes, login to your Twitter account and click on your profile picture located in the upper right menu bar, then click “Settings” from the drop-down menu.

Here is where you find the settings menu

How to find the Twitter settings graphic

The table below is separated by sections for the Twitter Settings tabs.
Below each tab title is the Twitter setting option followed by Security Mentor’s recommendations.

Category Explanation of Recommendation Recommended Setting
Login verification We recommend that login verification is enabled to prevent cyber criminals from maliciously accessing your account. Send login verification requests to my phone or Send login verifications to the twitter app.
Password reset This will require additional information to be provided when someone attempts to reset the password using only your @username. Check this box:
Require personal information to reset my password.
Log in with code The default setting is to “allow my account to log in with either a password or login code”. This setting allows you to login if you have forgotten your password by sending a code to a registered email address or phone number. If you choose to allow with a code, secure your phone so that a thief can’t get access to your account. No recommendation
Photo tagging Defaults to “allow anyone to tag me in photos”. This option can allow anyone to associate a photo with your username and account. This can be harmful if you do not closely monitor your account activity. We recommend updating this setting to “only allow people I follow to tag me in photos”. Check this box:

  • Only allow people I follow to tag me in photos
  • – OR –

  • Do not allow anyone to tag me in photos
Tweet Privacy This decision depends on how you use your Twitter account. If your tweets are personal and for your network of friends, then you should check “Protect my Tweets”. It’s best to share tweets with only those you choose, not with everyone on Twitter and the Internet (search engines can also search Twitter) as you may unintentionally share personal information. Note: if you posted tweets before protecting them, they may still be visible. If however, your account is intended for the public, as you want everyone to read your tweets, then you would leave “Protect my Tweets” unchecked. Whether you decide to protect tweets or not, be careful what you write. Remember not to tweet sensitive personal information. Only tweet business information that is allowed by your company. No recommendation
Tweet Location Publishing a location, which is too specific, can reduce your personal security. And if you use Twitter for work, it could make a social engineering attack easier as an attacker would know when you were away. Leave this box unchecked:

  • Add a location to your Tweets
Discoverability

We recommend not checking this setting as it will enable all Twitter users to be able to find you by your email address, which would also make you more susceptible to spam and malicious attacks.

However, if you have a public Twitter account, you may choose to leave this setting enabled.

Uncheck this box:

  • Let others find me by my email address
Personalization Twitter personalization is about making recommendations of accounts for you to follow. This setting allows data to be collected about the websites you have visited that are integrated with Twitter (sites that have Twitter buttons or widgets). Twitter will store your browsing data for 10 days. We do not recommend storing information about websites you visit. Uncheck this box:

  • Tailor Twitter based on my recent website visits.
Promoted Content We recommend unchecking this setting. This setting allows Twitter to obtain and share your browser-related information (a browser cookie ID) with third party companies in order to tailor advertisements to you. Uncheck this box:

Twitter for teams Unless you are part of a team that is using Twitter, we suggest that you don’t let anyone add you to their team. Select this setting:

  • Do not allow anyone to add me to their team.
Direct Messages According to Twitter, “Direct Messages are the private side of Twitter. You can use Direct Messages to have private conversations with Twitter users about Tweets and other content.” This setting defaults to block messages from people you do not follow. We recommend keeping Twitter’s default setting and continue to block Direct Messages from Twitter users that you do not follow. Leave this option unchecked:

  • Receive Direct Messages from anyone.
Email / Web Notification Menu Item Activity related to your Tweets, Retweets, from your network or updates from Twitter. It is personal preference if you want to receive email messages regarding your Twitter activity. If you do receive emails from Twitter, remember that links in these messages could be malicious. Always be sure to check if a link is legitimate and secure before clicking, whether in your Twitter account or sent by email. For shortened URLs, fully expand the URL before clicking. Phishers regularly spoof social networks like Twitter making it appear like their malicious messages are sent from Twitter.
Profile Tab
  • Picture: In Twitter, if you upload a photo here, it will be publically viewable on the Internet and discoverable by Web searches. Decide if you want your photo to be publically seen.
  • Location: Criminals can use personal location information for robberies, stalking, and social engineering. If you share location information, it is safest if you have “Tweet Privacy” turned on.
  • Birthday: For privacy and protection from identity theft, don’t share personally identifiable information (PII) online.
Use your agency logo for the picture, if you don’t have a logo use the Maryland Crown logo. Don’t fill in location and don’t fill in your birthday.