X (Twitter) security audit

X / Twitter Security Scorecard

X is a platform where anyone can pay $8 to look legitimate and then DM you about crypto. Your settings are either keeping the scammers out or rolling out a red carpet made of your personal data. Let's find out which.

How this works: Check the boxes for things you've actually done. Not things you're "pretty sure" are on. Not things you meant to do after the last data breach headline scared you for 45 seconds. Each setting is weighted by how badly it hurts when a scammer exploits the gap. You get a grade and a prioritized fix list. No feelings will be spared.
Account Security

  Two-Factor Authentication (25 pts): Is two-factor authentication enabled on your X account?
  Strong Unique Password (15 pts): Is your X password unique and not reused from any other site?
  Password Reset Protection (10 pts): Have you enabled 'Additional password protection' in security settings?
  Active Sessions Reviewed (10 pts): Have you checked your active sessions in the last 30 days?

Privacy Settings

  DM Controls Restricted (20 pts): Are your DMs set to 'Only people you follow'?
  Phone/Email Discoverability Disabled (15 pts): Have you turned off 'Let others find you by your email' and 'Let others find you by your phone'?
  Location Info Disabled (10 pts): Is 'Add location information to your posts' turned off?

Awareness

  Blue Check Skepticism (15 pts): Do you understand that a paid blue check on X means someone spent $8, not that they're trustworthy?

Behavior

  Link Hover Habit (15 pts): Do you hover over links before clicking them in replies and DMs?
  Fake Support Awareness (15 pts): Do you ignore 'support' accounts that DM you after you tweet a complaint?