For the sixth day of the 12 Days of 2FA, we turn to Twitter. Twitter calls its two-factor authentication system “Login Verification,” but the idea is exactly the same: signing in from a new browser will require something you have (like your phone) as well as something you know (your password), giving your account an added layer of protection.

As one of the only social media platforms that does not require your real name, Twitter brings up some trade-offs when it comes to enabling 2FA.

First, Twitter requires your phone number to set up 2FA. If you use Twitter under a pseudonym and want to maintain your anonymity, handing over your real phone number—or, at least, a phone number at which you can reliably, regularly receive texts—may not be the right security move for you. Further, if you use several Twitter accounts—perhaps a professional account with your real name, a personal account under a pseudonym, or a group account for a social movement—then associating each account with the same phone number may make it possible for Twitter or law enforcement to link identities and accounts that you intended to keep separate.

Second, Twitter is limited to using SMS for 2FA, which is vulnerable to interception by your telecom and others. This makes SMS generally less secure than other existing 2FA methods, like authenticator apps or hardware security keys.

If enabling 2FA by SMS on Twitter is right for you, follow the steps below to set it up.

  1. Click on your profile picture in the upper right-hand corner to navigate to “Settings.” Select “Security and privacy” on the left.

  2. If you have not yet given Twitter your phone number, select “add a phone.” If you have, skip to step 6.

  3. Enter your phone number and click “Continue.”

  4. Shortly after you click, you should receive a text with your code. Enter it and click “Activate phone.”

  5. This will land you on the mobile settings page. To get back to setting up 2FA, click on “Security and privacy” on the left.

  6. Check “Verify login requests” next to “Login verification.”

  7. The first prompt briefly describes how 2FA works on Twitter. Click “Start.”

  8. Before continuing, you may be prompted to enter your Twitter password. Go ahead and click “Verify.”

  9. Make sure the phone number you see is correct and can receive texts, and click “Send code.”

  10. Shortly after you click, you should receive a text with your code. Enter it and click “Submit.”

  11. Finally, click “Get backup code” to get a printable backup code. Write this down or print it and keep it someplace safe. Click “Done.”

Back at your security settings page, you can generate app passwords to log into other Twitter apps, like the Twitter for Mac app. App passwords are passwords for devices and applications that do not support logging in with a one-time verification code. (Note that you will not need an app password for Twitter for iOS, Twitter for Android, or mobile.twitter.com.)

If and when you use your hardcopy backup code, you can also come back to your security settings page to generate another.

Stay tuned for more posts on two-factor authentication during the 12 Days of 2FA.
