With over 145 million active users Twitter is widely used not only for personal entertainment but for business and political agendas too. Yet, surprisingly (or not, considering that they did admit to using phone numbers for targeting ads) Twitter has been reluctant to forgo SMS to deliver one time passwords for their 2 step verification for a very, very long time. Until finally, in November last year, they gave in and allowed for Twitter two-factor authentication without requiring the phone number. In this post we will look into all the 2FA methods Twitter supports, show you how to activate each of them and how to make sure you are able to login even if you lose your 2FA Twitter token. Buy a hardware token for Twitter 2FA How to enable Twitter 2FA via SMS and whether it’s worth it As we’ve already mentioned above — we are decidedly against Twitter 2FA SMS based. As a matter of fact — we vehemently insist that using SMS to deliver verification code for MFA anywhere, not only in Twitter 2FA, is not safe and should be avoided if at all possible. Why are we so against SMS? While it is convenient and cheap to use, it is also astonishingly easy to hack. The ways to break into an account that’s protected only this way are numerous. Starting with a simple SIM swap and ending with more complex things like intercepting the passwords by exploiting the numerous vulnerabilities of the telecom infrastructure. We’ve talked about these and other SMS 2FA vulnerabilities like fake cell towers extensively before, you can read it here. Yet, while Twitter 2FA without SMS is the way to go, we do understand that circumstances might be demanding otherwise and one might want to know how to send Twitter two-factor authentication code via SMS. So here’s a simple guide on it: Go to your account settings (“More” → “Settings and privacy”) and find “Security” →“Two-factor Authentication”.Check the “Text message” box and press “Get Started”.Enter your user pass then press on “Verify”. If there’s no telephone number allied with the user, you will need to provide one now.Type in the Twitter confirmation code that was messaged to the provided number. Next you’ll get a Twitter backup code on the screen, make sure to save it, or make a screenshot and save that in a secure place. We’ll expand on why later in this article.Click “Got it” to finish. From now on to get into your Twitter account on any device, be it Twitter mobile or desktop, an authentication code will be required and that code will be messaged to your phone. | Read also: 2FA Chatbots vs. SMS Authentication Twitter two-factor authentication with code generator app So we’ve established that Twitter two factor authentication without phone number is much more preferable. But what are the alternatives? A 2FA code generator app for Twitter is a nice Twitter phone number bypass that provides more security than SMS ever could. A one-time twittercode is generated directly on the smartphone, which eliminates a good portion of vulnerabilities that can be exploited to gain unauthorized access to your Twitter account. A Twitter verification code hack is way harder to do if the password is not transmitted via GSM, or even Internet. Of course, this type of MFA is not a bulletproof option. Even if the Twitter code generator app does not require the Internet to operate, the phone is still connected and as such is vulnerable. Moreover, you can’t avoid a stolen Twitter app if the phone itself is stolen. But an MFA app is still a good and safer choice. There’s an abundance of...