This includes measures that should be used anyway when handling sensitive information. For example, the company has to make its employees use passwords that are not easy to guess.
Furthermore, these passwords must not be stored unencrypted in e-mail accounts and have to be changed every 90 days. Access to Twitter’s administration panel must be locked when a wrong password has been entered multiple times. Access to the admin panel should be restricted to white-listed employees and IP addresses only.
With these measures, the FTC responds to the case of the French citizen nicknamed “Kroll,” who was recently given a suspended sentence. He had made his way into the Twitter backbone by collecting information about some Twitter employees, which enabled him to guess their passwords.
According to the company, most of the FTC requirements have already been put into place. In the coming weeks, the authority is going to check whether Twitter complies with the requirements.