You may have recently received an email from Twilio or a message in Console regarding your password. We regularly perform standard checks to ensure the security of your account, and will notify you if your password is too weak, or needs to be changed.
Every time you log into Twilio.com, an automated system checks the password you entered successfully against our minimum password policy requirements. In many cases, these requests are sent to users that have older requirements that need to be updated.
The minimum password standard check is separate from the comparison operation we do to authenticate your account, which involves “hashing” the password (a secure one-way encryption algorithm) and comparing it to our securely stored value. Twilio does not store your password in plaintext or in a reversible format.
We require your password be at least 14 characters, but do not have a requirement for special characters. We generally recommend using a passphrase, or a long sentence with special characters, as these have proven difficult to crack.
We also suggest avoiding using personal information, usernames, or similar or repeated passwords.
What you need to do
If your password doesn't meet our minimum policies, we automatically trigger a password reset request by sending a link to the email address linked to your Twilio user. The link in the reset email will guide you to creating a more secure password and you’ll be ready to access Twilio again.
I haven’t logged in recently but I received one or more password reset emails
Someone may have discovered your password through techniques such as credential stuffing (which involves attempting logins with passwords shared with other compromised sites) or guessing your password using other techniques. Your Twilio project has not been compromised, but your password may have been. You are blocked from console access until you upgrade your password to the new requirements. You should log in to Twilio with your old password and get a fresh password reset link, upgrade your password strength, and you’ll be all set!
I didn’t receive a password reset email
Please check your spam folder first. If you can’t locate your email, you can get in touch with our support team to receive a reset link.
If you no longer have access to the email you registered under, we’ll verify by other means. You can contact customer support for more details.
What else can I do to secure my project?
For additional security we also recommend you implement our two-factor solution using SMS or Authy. Please see the following support article on how to do that: Enabling two factor authentication on your Twilio project, and our guide regarding anti-fraud prevention: Anti-Fraud Developer’s Guide