Tutorial: Twitter 2-factor authentication, step-by-step

Summary:Making sure you keep your Twitter account safe is incredibly important. This step-by-step, screenshot-by-screenshot article by our own David Gewirtz should make it easier to be safer.

Earlier this week, I published a tutorial explaining how to set up 2-factor authentication using Facebook . In this article, we'll do the same in Twitter.

The first factor in Twitter authentication is your user name and password. If you have not changed it since Heartbleed came to the surface, you should, as my ZDNet colleague Steven J. Vaughan-Nichols recommends .

The first factor is something you know, in this case your user name and password. The second factor is something you have: in this case your phone or app-running tablet.

As a second factor, we're going to look at setting up authentication using the Twitter app itself, as well as by setting up text message confirmations.

Setting up text-message verification

Unlike Facebook (which pretty much twists your arm to get you to install its mobile app), you can easily set up text message login verification with Twitter without installing the app. Since the app takes cycles on your mobile device, I'm going to describe it later. First, I'll show you how to set up basic text message verification, which is what I personally prefer to use.

To get started. log into your Twitter account from a desktop browser and mouse on over to the gear on the upper, right-hand side. That's your drop down menu. You'll want to select Settings.


You'll then see the Twitter settings menu on the left side of your screen, and you should click on Security and privacy.


At this point, you'll see the Security and privacy screen, and you'll notice that Twitter presents you with three options: no authentication, text message authentication, and Twitter app-based authentication.


If you look carefully at the screenshot above, you'll notice that the second and third radio buttons are disabled. As it turns out, there's a slight twist to text-message authentication. You need to add a phone to your Twitter account.

When I originally started to write this article, I decided to create a dummy Twitter account in order to walk you through the steps. So I clicked on the add a phone link above and got the following screen.


I gave it my phone's real number and clicked Activate phone… and got smacked down:


Apparently, Twitter won't let you use the same phone to authenticate multiple accounts. Can't say I'm thrilled with that limitation. Many of us have to maintain multiple Twitter accounts and being unable to use one phone to authenticate any we need to seems an unnecessary limitation. Doing that means that some Twitter accounts will be forced to live without necessary second factor security.

You might have also noticed in that earlier screen where the two authentication radio buttons were grayed out. Not only was the text messaging radio button grayed out, but so was the app-based authentication method. I guessed this was because some setting wasn't set on the Twitter app on my phone.

As it turns out, that was not the case. The Twitter app demands a phone be associated with the account before it will authenticate. I'll take you through that process in a moment, but first, here's the "No way, man!" message Twitter decided to present as soon as I decided to click the Login verification checkbox.


Just in case you missed it, be sure to click the add a phone link before doing anything else. Twitter will verify the phone is yours (and, in my experience, Google Voice numbers don't work reliably).


Finally, go back to the Security and privacy screen and choose the authentication method you want to use. Check Send login verification requests to your number.


When you're done, you'll be asked to enter your password again, and you've got text-message verification set up.


Next: Setting up Android-based app verification

By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at Facebook.com/DavidGewirtz.

Topics: Security


In addition to hosting the ZDNet Government and ZDNet DIY-IT blogs, CBS Interactive's Distinguished Lecturer David Gewirtz is an author, U.S. policy advisor and computer scientist. He is featured in The History Channel special The President's Book of Secrets, is one of America's foremost cyber-security experts, and is a top expert on savi... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.