{"id":6078,"date":"2020-02-20T16:07:30","date_gmt":"2020-02-20T13:07:30","guid":{"rendered":"https:\/\/www.protectimus.com\/blog\/?p=6078"},"modified":"2025-08-08T23:29:32","modified_gmt":"2025-08-08T20:29:32","slug":"twitter-two-factor-authentication","status":"publish","type":"post","link":"https:\/\/www.protectimus.com\/blog\/twitter-two-factor-authentication\/","title":{"rendered":"Twitter Two-Factor Authentication in Details"},"content":{"rendered":"\n

With over 145 million<\/a> active users Twitter is widely used not only for personal entertainment but for business and political agendas too. Yet, surprisingly (or not, considering that they did admit<\/a> to using phone numbers for targeting ads) Twitter has been reluctant to forgo SMS to deliver one time passwords for their 2 step verification for a very, very long time. Until finally, in November last year, they gave in and allowed for Twitter two-factor authentication without requiring the phone number.<\/p>\n\n\n\n

In this post we will look into all the 2FA methods Twitter supports, show you how to activate each of them and how to make sure you are able to login even if you lose your 2FA Twitter token.<\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

Buy a hardware token for Twitter 2FA<\/a><\/div>\n\n\n\n

<\/p>\n\n\n\n

How to enable Twitter 2FA via SMS and whether it\u2019s worth it<\/strong><\/h2>\n\n\n\n

As we\u2019ve already mentioned above \u2014 we are decidedly against Twitter 2FA SMS based. As a matter of fact \u2014 we vehemently insist that using SMS to deliver verification code for MFA anywhere, not only in Twitter 2FA, is not safe and should be avoided if at all possible.<\/p>\n\n\n\n

Why are we so against SMS? While it is convenient and cheap to use, it is also astonishingly easy to hack. The ways to break into an account that\u2019s protected only this way are numerous<\/a>. Starting with a simple SIM swap and ending with more complex things like intercepting the passwords by exploiting the numerous vulnerabilities of the telecom infrastructure. We\u2019ve talked about these and other SMS 2FA vulnerabilities like fake cell towers extensively before, you can read it here<\/a>.<\/p>\n\n\n\n

Yet, while Twitter 2FA without SMS is the way to go, we do understand that circumstances might be demanding otherwise and one might want to know how to send Twitter two-factor authentication code via SMS. So here\u2019s a simple guide on it:<\/p>\n\n\n\n

    \n
  1. Go to your account settings (“More” \u2192 “Settings and privacy”) and find \u201cSecurity\u201d \u2192\u201cTwo-factor Authentication\u201d.<\/li>\n\n\n\n
  2. Check the \u201cText message\u201d box and press \u201cGet Started\u201d.<\/li>\n\n\n\n
  3. Enter your user pass then press on \u201cVerify\u201d. If there\u2019s no telephone number allied with the user, you will need to provide one now.<\/li>\n\n\n\n
  4. Type in the Twitter confirmation code that was messaged to the provided number. Next you\u2019ll get a Twitter backup code on the screen, make sure to save it, or make a screenshot and save that in a secure place. We’ll expand on why later in this article.<\/li>\n\n\n\n
  5. Click \u201cGot it\u201d to finish.<\/li>\n<\/ol>\n\n\n
    \n
    \"Twitter<\/figure><\/div>\n\n\n

    <\/p>\n\n\n\n

    <\/p>\n\n\n\n

    From now on to get into your Twitter account on any device, be it Twitter mobile or desktop, an authentication code will be required and that code will be messaged to your phone.<\/p>\n\n\n\n

    | Read also:<\/span> 2FA Chatbots vs. SMS Authentication<\/a><\/p>\n\n\n\n

    Twitter two-factor authentication with code generator app<\/strong><\/h2>\n\n\n\n

    So we\u2019ve established that Twitter two factor authentication without phone number is much more preferable. But what are the alternatives? A 2FA code generator app<\/a> for Twitter is a nice Twitter phone number bypass that provides more security than SMS ever could. A one-time twittercode is generated directly on the smartphone, which eliminates a good portion of vulnerabilities that can be exploited to gain unauthorized access to your Twitter account. A Twitter verification code hack is way harder to do if the password is not transmitted via GSM, or even Internet.<\/p>\n\n\n\n

    Of course, this type of MFA is not a bulletproof option. Even if the Twitter code generator app does not require the Internet to operate, the phone is still connected and as such is vulnerable. Moreover, you can\u2019t avoid a stolen Twitter app if the phone itself is stolen.<\/p>\n\n\n\n

    But an MFA app is still a good and safer choice. There\u2019s an abundance of apps to choose from and most of them are either cheap or free. And chances are \u2014 you already have one of them installed, there\u2019s even a Twitter 2 factor authentication Google Authenticator option. In case you are not sure which Twitter verification code generator is the best for you here\u2019s a comprehensive list<\/a> of the best 2FA apps currently available.<\/p>\n\n\n\n

    So, how to activate code generator feature for Twitter?<\/p>\n\n\n\n

      \n
    1. In the settings menu go to \u201cSecurity\u201d \u2192\u201cTwo-factor Authentication\u201d where the \u201cAuthentication app\u201d box needs to be checked.<\/li>\n\n\n\n
    2. Make sure to study the provided guide and press the \u201cStart\u201d button.<\/li>\n\n\n\n
    3. If you haven\u2019t yet got an MFA app choose one and install it. After the Twitter code generator app download is done and the installation is complete scan the QR code provided by Twitter to connect the MFA application with Twitter login. Do so and click \u201cNext\u201d<\/li>\n\n\n\n
    4. Type in the pass produced by the MFA application and click the \u201cVerify\u201d button.<\/li>\n<\/ol>\n\n\n
      \n
      \"Twitter<\/figure><\/div>\n\n\n

      <\/p>\n\n\n\n

      How to enable Twitter two-factor authentication with a hardware token<\/strong><\/h2>\n\n\n\n

      Hardware tokens<\/a> are the most bulletproof defense measure you can get when it comes to MFA. These small devices are not connected to any network, their only purpose is to generate one-time passes. As you can imagine, intercepting such a password is impossible. As well as hacking the token itself. There simply is no entryway.<\/p>\n\n\n\n

      To enable two-factor authentication Twitter suggests utilizing USB tokens, but this approach still requires SMS or 2FA app activation. You can find how to do it here<\/a>.<\/p>\n\n\n\n

      The best physical token to use for Twitter authentication is not a USB token though, it’s the programmable token Protectimus Slim NFC<\/a>. Why? First of all \u2014 the security key is not hardcoded into them, which means they can be programmed to be reused with another account. Second \u2014 they are impenetrable for any malware, you do not need to connect them to a computer, which is a lot more secure. You can easily use them for Twitter mobile log in. Finally, they are as easy to activate as any MFA application. Note that you’ll need an Android smartphone with NFC to connect this hardware token to Twitter.<\/p>\n\n\n\n

      Here\u2019s how:<\/p>

      1. Download Protectimus TOTP Burner application<\/a>.<\/strong>

        The app is currently available for Android smartphones only.<\/p> <\/li>

      2. Repeat steps 1 and 2 from the previous paragraph.<\/strong>

        Start adding Authentication app on Twitter.<\/p> <\/li>

      3. Enable NFC and scan the QR code with the secret key with the Protectimus TOTP Burner application.<\/strong>

        Instead of scanning the Twitter QR code with an MFA app you need to scan the code with the Burner app. If the scan is completed successfully the app will show you a \u201cNext\u201d button, click it.\"How<\/p> <\/li>

      4. “Burn” the secret key into the hardware token. <\/strong>

        Turn the Protectimus Slim NFC token on and put it close to the smartphone\u2019s NFC antenna. When the TOTP Burner application recognizes the token you\u2019ll hear a signal, then tap a \u201cContinue\u201d button.<\/p> <\/li>

      5. Enter the one-time password from the token on Twitter to verify it and enable 2-factor authentication.<\/strong>

        Now that the token is activated all you need to do is enter the pass it generates on Twitter.<\/p> <\/li><\/ol><\/div>\n\n\n\n

        | Read also:<\/span> TOTP Tokens Protectimus Slim NFC: Frequently Asked Questions<\/a><\/p>\n\n\n\n

        \n