How to Enable Two-factor Authentication for Your Twitter Account


Waking up to find out your Twitter account has been hijacked to post antisemitic messages is a pretty crappy way to start your day. That’s why enabling two-factor authentication for your Twitter account is so important. It takes several steps, so follow along to learn how.

Lock down your Twitter account with two-factor authentication

Not using two-factor authentication for Twitter? Time to set it up!

Head on over to the Twitter website and log in to your account. You can set up two-factor authentication from Twitter’s own iOS app, but not everyone uses that, so I’m focusing on the web-based steps. Now do this:

Twitter's Settings and privacy options are available through your account avatar on the Twitter website

Start by logging into your Twitter account, then go to your settings

  • Click your account avatar in the upper right corner
  • Choose Settings and privacy
  • Select Account
  • If you haven’t already confirmed your email address, enter it in the Email field then click Save changes
  • Check your email for Twitter’s confirmation verification message and click Confirm now
  • Use the new Twitter webpage that opened in your browser and click your account avatar again so you can choose Settings and privacy > Account
  • Check Verify login requests
  • Click Start
  • Enter your Twitter account password, then click Verify
  • Twitter needs to verify your phone number, so click Send code
  • Enter the code Twitter sent as a text message to your phone
  • Click Get backup code, then save the code someplace safe like 1Password. The backup code lets you log in to your Twitter account if your smartphone is lost.

Enabling Verify login requests sends one-use codes to your smartphone as text messages. You need the code to complete the login process.

Now Twitter logins will require your password and a one-use code sent to your smartphone

Now any time you log in to your Twitter account you’ll need two things: the password you already know, and the one-use code Twitter sends you. That’s how two-factor authentication works. Without both parts your account isn’t accessible, which means hackers can’t break into your account and post embarrassing tweets you’d rather not see.

Twitter’s Two-factor Authentication Workaround

That doesn’t, however, stop hackers from posting through apps that have access to your account. If a bad guy finds a way to hack into a service you’ve linked to your Twitter account, they can use that to bypass two-factor authentication and post without your permission.

You can check to see which apps and services have access to your Twitter account by clicking Apps after choosing Settings and privacy. I found Ping was still linked to my account, so it was time for that to go. All I had to do was click Revoke access.

Twitter doesn’t make setting up two-factor authentication particularly easy if your email address isn’t showing as verified. I had to change my address to a different email account, go through the verification process, then change my address back and re-verify again.

Why the reference to antisemitic tweets, you ask? It’s because that’s exactly what happened to some Twitter Counter users. The analytics service was hacked, and people who were using it found some pretty nasty pro-Nazi tweets in Turkish posted in their names—complete with swastikas. That’s why it’s important to limit which apps and services have access to your account, even though you’re using two-factor authentication.
