Twitter settles privacy case with the FTC

Twitter has agreed to adopt a new security program which will settles its privacy case with the US Federal Trade Commission.

The Commission said that the micro-blogging site would be enforcing best practices for password selection and control as well as submit to regular audits of its security controls.

Among the measures required will be the adoption of unique non-dictionary passwords not used with other accounts or stored within unencrypted email messages.

The company will also be required to swap out passwords regularly and protect its administrative controls through a unique log-in page that locks an account after a certain number of failed log-in attempts.

Additionally, the company will be required to adjust its notifications to users in order to avoid misleading them about the company's privacy protections.

In a blog posting, Twitter general counsel Andrew Macgillivray said that the company had already adopted a number of the stipulations in the settlement.

"Even before the agreement, we'd implemented many of the FTC's suggestions and the agreement formalizes our commitment to those security practices," he wrote.

The deal stems from a pair of breaches Twitter suffered in 2009 which lead to user accounts being compromised and a breach of Twitter corporate data. The FTC said that the breaches were due to lax security practices, such as using dictionary-based passwords and not limiting the number of log-in attempts on an account.

"When a company promises consumers that their personal information is secure, it must live up to that promise," said FTC bureau of consumer protection director David Vladeck.

"Likewise, a company that allows consumers to designate their information as private must use reasonable security to uphold such designations."