Dave! I read that Twitter is forcing everyone to switch from SMS text-based 2-factor authentication to an app or hardware key. I am afraid I’m going to lose access to my account. How can I switch my 2FA setting from text-based to an auth app on my phone?
There have been cases of hackers scamming phone numbers to circumvent two-factor authentication for logging in to otherwise secure accounts, but it’s complex and not very frequent at all. Companies do typically pay transaction fees for text messages sent on their behalf, however, so while it’s hard to understand why Twitter would disable the simple and secure SMS text authentication approach, perhaps it’s just a matter of saving money. That would coincide with the company explaining that if you pay for a Twitter Blue account you will be able to retain the text messaging login feature: If it were about security, wouldn’t the paid accounts be more secure, not less?
A blog post on the Twitter site offers this explanation: “We will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers… Non-Twitter Blue subscribers that are already enrolled will have 30 days to disable this method and enroll in another. After 20 March 2023, we will no longer permit non-Twitter Blue subscribers to use text messages as a 2FA method.”
Then again, perhaps it’s simply an attempt to incentivize people to pay for Twitter Blue. Whatever the reasons, the reality is that Twitter users will need to deal with this change. Should you simply disable two-factor authentication? No, because that’s the least secure option of all. Instead, let me step you through the process of adding an authentication app to your Twitter account. There are a number of auth apps available for iPhone and Android, but my preference is Authy, so that’s what I’ll use. Don’t have it yet? Grab a copy of Authy for Android or Authy for iPhone before proceeding.
LOGGING IN TO TWITTER WITH TEXT 2FA
Hopefully, you already have 2-factor authentication enabled for your Twitter account. If you do, you’re familiar with this step during the login sequence:
You can choose a different verification method, but soon this one simply won’t work. So let’s fix it. Log in to get started…
TWITTER 2-FACTOR AUTHENTICATION SETTINGS
Once you’ve logged in, click on “More” on the left side (or the equivalent in the mobile app). A menu will pop up with the following options:
Go to “Settings and Support” then choose “Security and account access” from the main list of Settings. The following options will be displayed:
There’s a bit more digging to get to the correct spot. Choose “Security”.
Finally, choose “Two-factor authentication” from the two account security options. Actually, while you’re at this point, also check “Password reset protect” because there’s no reason not to do so. Now click on “Two-factor authentication” to proceed!
You can see that this particular Twitter account – @AskDaveTaylor – has Text message 2FA enabled, but nothing else. Since text messaging is going to vanish as an option in a month, it’s time to enable an authentication app, Authy.
HOW TO ENABLE A TWITTER AUTHENTICATION APP
Click on “Authentication app” and a new window pops up:
It’s about time to pick up your smartphone. But first, click on the black “Get started” button and you’ll see a QR code that contains specific information about your account and Twitter’s expectations of how an authentication app should produce codes:
Now it’s time to pick up your phone. Launch the Authy app.
AUTHY APP SETUP ON YOUR SMARTPHONE
If you’ve never used it before, you’ll just see a “+” icon, but I already use it for a variety of other sites and Twitter accounts, as you can see:
At this juncture, it’s as simple as tapping on the “+” Add Account button. That brings up an explanatory window:
Now tap on “Scan QR Code” and point your camera at the QR code that Twitter’s produced. It should just take a moment or two, then you’ll see this confirmation:
Change it as desired, then tap “Save” and you’ll see your secret confirmation code “token”:
This six-digit number will change every 30 seconds, so there’s no risk in letting you see mine.
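To show what the QR code and the rotating six-digit number actually are, here is an added example (not part of the original tutorial, and not Twitter's or Authy's code). It assumes the QR code carries an `otpauth://` key URI, the convention authenticator apps commonly use, and derives the code with the standard TOTP algorithm (RFC 6238); the URI, account name and secret are constructed samples, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample URI; the secret is the RFC 6238 test key, not a real account's.
SAMPLE_URI = ("otpauth://totp/Twitter:%40example_user"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Twitter")
ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def parse_otpauth(uri):
    """Extract the shared secret and code parameters from an otpauth:// URI."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP enrolment URI")
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    secret = query["secret"].replace(" ", "").upper()
    secret += "=" * (-len(secret) % 8)  # base32 decoding requires padding
    return {
        "label": unquote(parts.path.lstrip("/")),
        "issuer": query.get("issuer"),
        "key": base64.b32decode(secret),
        "digits": int(query.get("digits", 6)),      # default: six digits
        "period": int(query.get("period", 30)),     # default: 30-second steps
        "algorithm": query.get("algorithm", "SHA1").upper(),
    }


def totp(params, unix_time):
    """RFC 6238: HMAC the count of elapsed time steps, then truncate to N digits."""
    counter = int(unix_time) // params["period"]
    digest = hmac.new(params["key"], struct.pack(">Q", counter),
                      ALGORITHMS[params["algorithm"]]).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** params["digits"]).zfill(params["digits"])


def seconds_remaining(params, unix_time):
    """Seconds until the current code is replaced by the next one."""
    return params["period"] - int(unix_time) % params["period"]


if __name__ == "__main__":
    p, now = parse_otpauth(SAMPLE_URI), time.time()
    print(p["label"], totp(p, now), f"(changes in {seconds_remaining(p, now)}s)")
```

The code depends only on the shared secret and the clock, which is why an expired code is harmless to show but the QR code itself (and the backup code) must be kept private.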
THEN BACK IN YOUR TWITTER SETTINGS…
Switch back to Twitter on the computer and it should be prompting for the authentication code:
I’ll enter 386386 and click “Confirm” and it worked:
Note that there’s a secret 10-character backup code displayed on this screen too: Write it down and hide it or otherwise save it just in case you cannot log in through the Authy app or lose your smartphone.
Otherwise, you’re done. The Authy app on your smartphone can now help you log in securely to your Twitter account, even when the text authentication feature is permanently disabled by Twitter in the near future. Well done.