Tips for Managing Twitter Access with Meldium


With 300 million active monthly users, the opporutnity on Twitter for businesses is undeniable. Many companies large and small use it to engage with customers, share news, track their brand and build loyalty.

Typically businesses have a master Twitter handle that acts as the voice of their organization. This opens up great opportunity to engage with customers as prospects - as long as a number of stakeholders are granted access. How could Arby’s have scored so big during the 2014 Grammys if only one person had access? Although Twitter can positively impact customer engagement, the proliferation of social media accounts presents a a clear security threat, as we have seen covered over the past weeks and months in the news. Given all this, it is important to have a system in place to strengthen your brand, and keep your business secure. Here's a handful of tips for managing your @company handle.


Setup a shared alias (e.g. as the master email for the Twitter account. Having a shared alias in place, rather than attaching an account to one person's inbox prevents orphaning the account when someone leaves from your organization. In addition, In the event that a password is lost, the appropriate team members have the ability to retrieve a reset password (since admins can get to the shared inbox).


Choose a point-person in your company (marketing director, social media coordinator, etc) to determine your Twitter handle and create a unique, complex password for the account. If the password is easy to recall, it will be even easier for a hacker to exploit. It's easy to avoid using "12345" or "password" but creating a truly secure password by hand is hard. The password should be impossible for even its creator to remember it, which means you should use a password vault like Meldium to store it.

Tools such as HootSuite, TweetDeck, Buffer, and Sprinklr are great for delegating access to a Twitter account across your team. Ultimately, you will need to share direct access to Twitter's site. Sending passwords via e-mail or via spreadsheets will leave your company more susceptible to cyber attacks (the recent Sony hacks enabled attackers to access scores of Twitter accounts because their passwords were stored in readily available unencrypted spreadsheets). A good password manager can help you do this right. Meldium even ensures that passwords are never shared over the wire! You can either share with your entire team or with specific individuals who will be contributors to your Twitter account.


Just as it's easy to share access, you want to make sure you can revoke that access instantly. Many disgruntled employees have done damage to brands via Twitter in tense situations. With Meldium, you can revoke any access a member of your organization has when they leave with one click (whether it's Twitter or any other critical account they have).

In the special event that the master account holder leaves the company, Meldium can help navigate that obstacle as well. An admin can reassign the master credentials to another team member who would take on the role of account owner.

Changing your passwords frequently, at least every few months, is important for all your apps and services, especially those with shared privileges. When multiple people share a password (bad!), it's a pain to change it and notify everyone so we often don't bother to do it (worse!). Meldium can do the work for you – without your team missing a single tweet. First, since no one knows the password, they always access the account via a central broker that is always up-to-date. Second, with Automatic Password Update, Meldium will create a strong, unique password and change it directly in Twitter. Your team members won't even know the password has changed!





Once a brand is on social media customers can expect a lot. It's essential to not only focus on mentions and conversations, but to quickly zero in on support issues. If you're looking to step up your customer service game, consider creating a dedicated customer service handle that is separate from your company or brand handle. Even Twitter employs this strategy with @Twitter vs. @Support.

When engaging with customers avoid sending automatic responses. Be sure to respond in a timely manner and with a personal touch whenever possible.

By following these few tips, your keep can maximize the reach of twitter and keep your account secure. Happy Tweeting!

Introducing Meldium for Safari


What’s new?

Automatic login support for Safari is here! Today, we are happy to deliver our Beta release of the #1 requested feature from users over the past year. With this launch, Meldium now provides automatic login from every major browser. We have extensions for Chrome, Firefox, Opera, Internet Explorer, and Safari.

What is automatic login? 

The automatic login browser extensions allow you to access all of the apps that appear on your launchpad without entering any usernames or passwords. When you share access with your team, they can sign in to apps without knowing the passwords and the plugin won't intrude on any other aspect of your web browsing experience.

How do I get it?

Head to your homepage and launch an app. You will be automatically prompted to install the plugin if you do not yet have it. Once the plugin is installed, a Meldium icon will appear in your browser's menu bar. Click on it to see all of your launchable apps! Select any app, and a new tab will open to the app's homepage, where you'll be signed in and ready to work.

Screenshot 2015-02-03 11.34.11 (2).png

Beta Note

The plugin currently works with the latest version of Safari on MAC OS X Yosemite (10.10). please e-mail us if you have feedback (bug reports welcome!).

Don't yet have a Meldium account?

You can sign up for Meldium today with Google or create a new Meldium ID.



Entropy is a hard concept


Glenn Fleishman just published a really great article on Fast Company about the difficulty of creating truly strong passwords. This is something we struggle to explain in layman's terms on our site so I'm glad we can link to something like this now. A strong password is surprisingly hard for humans to create without tools. Even worse, most passwords that people (including the tech-savvy) believe are strong are actually weak. For example, Glenn outlines in the article how seemingly secure, long passwords can be cracked easily using modern techniques. The term used to describe the strength of password is called entropy - what's that?

entropy |ˈentrəpē|

  1. Physics a thermodynamic quantity representing the unavailability of a system's thermal energy for conversion into mechanical work, often interpreted as the degree of disorder or randomness in the system.
  2. lack of order or predictability; gradual decline into disorder: a marketplace where entropy reigns supreme.
  3. (in information theory) a logarithmic measure of the rate of transfer of information in a particular message or language.

The second definition, "lack of predictability", is the key one here - we want passwords that are hard for others to guess. Most password rules evaluate entropy by counting the length of a password and the number of kinds of characters without taking into account the fact that Glenn highlights in the article: humans use a lot of mnemonic patterns in their passwords, which have much lower entropy than their length would imply. This is why Meldium uses a realistic password strength meter, which was created and open-sourced by Dropbox. The entropy estimator we use knows that "Password11!!" isn't any better than "password" - both can be guessed in microseconds by an attacker. I look forward to Glenn's article teaching more people that the only way to have a truly secure & unique passwords is to use a password generator!

Why your password is the next to get nabbed


Without a doubt businesses today are being run in the cloud -- many emerging businesses are even 100% cloud. Goodbye file servers and hardware, and hello cloud applications and web services. With the rise of cloud applications, comes a headache for individuals attempting to remember numerous user names and passwords and even greater complications for businesses managing new security vulnerabilities.

How did this problem sneak up on us so quickly? Are our businesses really at risk? With this move to the cloud, passwords take center stage. Poor employee password habits or a lack of business processes can leave organizations deeply vulnerable in more than a number of ways:

  1. Forgetting to remove employee access to an application when an employee leaves
  2. Writing passwords down on paper
  3. Keeping passwords in an unsecure spreadsheet or file folder

It’s easy to fall prey to these bad habits. With so many passwords to remember we default to simple and often repeated passwords. We choose the worst ones, with our names, numeric patterns, and personally identifiable (and easily guessable) details. Users share passwords over e-mail to share an account to get things done faster. Admins forget to disable unused accounts or accounts of terminated employees because they just don’t find the time. The reality is these bad habits, of both individuals and businesses, put company data at high risk and can be costly in the aftermath.

Check out the infographic below for some quick password security highlights.