X
Tech

Tutorial: Twitter 2-factor authentication, step-by-step

Making sure you keep your Twitter account safe is incredibly important. This step-by-step, screenshot-by-screenshot article by our own David Gewirtz should make it easier to be safer.
Written by David Gewirtz, Senior Contributing Editor

Earlier this week, I published a tutorial explaining how to set up 2-factor authentication using Facebook. In this article, we'll do the same in Twitter.

The first factor in Twitter authentication is your user name and password. If you have not changed it since Heartbleed came to the surface, you should, as my ZDNet colleague Steven J. Vaughan-Nichols recommends.

The first factor is something you know, in this case your user name and password. The second factor is something you have: in this case your phone or app-running tablet.

As a second factor, we're going to look at setting up authentication using the Twitter app itself, as well as by setting up text message confirmations.

Setting up text-message verification

Unlike Facebook (which pretty much twists your arm to get you to install its mobile app), you can easily set up text message login verification with Twitter without installing the app. Since the app takes cycles on your mobile device, I'm going to describe it later. First, I'll show you how to set up basic text message verification, which is what I personally prefer to use.

To get started. log into your Twitter account from a desktop browser and mouse on over to the gear on the upper, right-hand side. That's your drop down menu. You'll want to select Settings.

TWauth20140414_aa

You'll then see the Twitter settings menu on the left side of your screen, and you should click on Security and privacy.

TWauth20140414_ab

At this point, you'll see the Security and privacy screen, and you'll notice that Twitter presents you with three options: no authentication, text message authentication, and Twitter app-based authentication.

TWauth20140414_ac

If you look carefully at the screenshot above, you'll notice that the second and third radio buttons are disabled. As it turns out, there's a slight twist to text-message authentication. You need to add a phone to your Twitter account.

When I originally started to write this article, I decided to create a dummy Twitter account in order to walk you through the steps. So I clicked on the add a phone link above and got the following screen.

TWauth20140414_ad

I gave it my phone's real number and clicked Activate phone… and got smacked down:

TWauth20140414_ae

Apparently, Twitter won't let you use the same phone to authenticate multiple accounts. Can't say I'm thrilled with that limitation. Many of us have to maintain multiple Twitter accounts and being unable to use one phone to authenticate any we need to seems an unnecessary limitation. Doing that means that some Twitter accounts will be forced to live without necessary second factor security.

You might have also noticed in that earlier screen where the two authentication radio buttons were grayed out. Not only was the text messaging radio button grayed out, but so was the app-based authentication method. I guessed this was because some setting wasn't set on the Twitter app on my phone.

As it turns out, that was not the case. The Twitter app demands a phone be associated with the account before it will authenticate. I'll take you through that process in a moment, but first, here's the "No way, man!" message Twitter decided to present as soon as I decided to click the Login verification checkbox.

TWauth20140414_af

Just in case you missed it, be sure to click the add a phone link before doing anything else. Twitter will verify the phone is yours (and, in my experience, Google Voice numbers don't work reliably).

TWauth20140414_ag

Finally, go back to the Security and privacy screen and choose the authentication method you want to use. Check Send login verification requests to your number.

TWauth20140414_ah

When you're done, you'll be asked to enter your password again, and you've got text-message verification set up.

TWauth20140414_ai

Next: Setting up Android-based app verification

By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at Facebook.com/DavidGewirtz.

Setting up Android-based app verification

Before you start any of this, go ahead and download the official Android or iOS Twitter app. Third party apps will not do you any good when it comes to Twitter verification.

My primary phone is an Android phone, so I'm only able to go all the way with the Android version of the app for verification. That's because Twitter requires a real phone number prior to setting up verification. For the iOS side, I'll get you to the right screens, but it wouldn't hurt for you iOS users to read this section just to see it all the way through.

The first thing you may find when logging in with your Android app is the requirement that you enter a verification code. Since I use text-message based verification, when I opened my Twitter app, I was presented with this screen. Shortly after, I got a text on my phone and had to switch to the message app, get the code, switch back here, and enter it.

TWauth20140414_aj

To get started, click the three-dot icon on the upper right of your Android screen and then select settings from the drop-down menu.

TWauth20140414_ak

Now, select the account you want to verify. In my case, it's @DavidGewirtz. Yours will, of course, be your account. You might also notice the option to add an account.

TWauth20140414_aL

I tried this, thinking I could use this approach to verify a second account, but oddly enough, as soon as you get into the settings and select Security, you're told you need a unique phone number. No joy that way!

In any case, once you tap your user name, you'll be presented with the Settings screen. Scroll all the way down to the bottom, and you'll see Security. Tap that.

TWauth20140414_am

Next, the Login verification screen will come up. Click the radio box.

TWauth20140414_an

First comes a warning. Tap OK.

TWauth20140414_ao

Finally, you'll be asked if you want to save your backup code. I would write it down, but I don't like the idea of saving it in my gallery.

TWauth20140414_ap

Next: Setting up iPhone-based app verification

By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at Facebook.com/DavidGewirtz.

Setting up iPhone-based app verification

Now, let's switch over to the iPhone. I'll take you as far as I can given that I don't have a phone number associated with this old, retired phone. I now use it as an iPod touch to do bedtime reading. It rocks for Kindle reading. Let's get started, though, getting you up to speed.

Open your Twitter app, Tap the Me icon on the bottom, and then the gear icon in the middle of the screen.

TWauth20140414_aq

Tap settings:

TWauth20140414_ar

Tap your user account:

TWauth20140414_as

Scroll all the way down to the bottom and tap Security.

TWauth20140414_at

Finally, turn on Login verification and follow the prompts.

TWauth20140414_au

This is as far as I can take you on the iPhone. The rest should be pretty obvious. Congratulate yourself on protecting your Twitter account. It's important that you do this. Make sure to tell your friends as well.

By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at Facebook.com/DavidGewirtz.

Editorial standards