SAN FRANCISCO – Twitter has recommended its more than 336 million users change their passwords due to a “bug.”

The company announced on Thursday it discovered a bug that saved user passwords on an internal log without proper encryption.

Twitter played down the incident and said there’s no evidence any passwords were used for nefarious purposes. But it appears to be showing all of its users a pop-up window prompting them to change their passwords.

Twitter said it has since fixed the issue. Although the company said there is no evidence passwords have been leaked or misused, it is urging its users to update their passwords.

“As a precaution, consider changing your password on all services where you’ve used this password,” the company tweeted.

Making the change

Here’s how to do it:

  • Password reset

Twitter is making it easy to get started. The company is showing users a notification that links directly to its password reset page. You can also get there by going to Settings and Privacy -> Change Password on Twitter’s website, or Settings and Privacy -> Account -> Change Password on the mobile app. You will need to enter your existing password, then a new password twice.

If you really enjoy cheese, perhaps your Twitter password was “ilovecheese.” You should change the password to a new, entirely unique password that is not related to cheese. Try a combination of four or more unrelated words instead of a common phrase. Drop in some numbers, characters, and a mixture of upper and lower case letters.

  • Get a password manager

Since the best passwords should be hard to remember, consider using a password manager like 1Password or LastPass. Password managers are applications that can generate long, unique passwords for every service you use, and remember them all so you don’t have to.

  • Turn on two-factor authentication

Two-factor authentication is a setting offered on most major services, including social media, email, and financial accounts. Turning it on means even if someone does have your password, they can’t access your accounts without a second piece of information, like a code texted to your phone.

Twitter calls this setting “login verification.” It’s under Account -> Security in your Twitter settings. Select “Verify login requests” and you will have to enter a second piece of information each time you log in. Twitter will send a code to your phone over SMS or to an authenticator app.

  • Change your other passwords too

Tired of the endless partisan bickering and memes, you stopped posting to Twitter in 2016 and took up knitting. Congratulations on your life choices! But you might still need to change some passwords.

If you used the same password on any other services like Facebook or your bank account, you should change those passwords immediately as well. Update them even if you use slight variations that could be easily figured out, such as “ilovecheddar” or “ilovemunster.”

Make sure each new password is also unique or you will have to go through this process again the next time there is a password issue at one of the services you use. (There will always be a next time.)