Tutorial: Twitter 2-factor authentication, step-by-step
Earlier this week, I published a tutorial explaining how to set up 2-factor authentication using Facebook. In this article, we'll do the same in Twitter.
The first factor in Twitter authentication is your user name and password. If you have not changed it since Heartbleed came to the surface, you should, as my ZDNet colleague Steven J. Vaughan-Nichols recommends.
The first factor is something you know, in this case your user name and password. The second factor is something you have: in this case your phone or app-running tablet.
As a second factor, we're going to look at setting up authentication using the Twitter app itself, as well as by setting up text message confirmations.
Setting up text-message verification
Unlike Facebook (which pretty much twists your arm to get you to install its mobile app), you can easily set up text message login verification with Twitter without installing the app. Since the app takes cycles on your mobile device, I'm going to describe it later. First, I'll show you how to set up basic text message verification, which is what I personally prefer to use.
To get started. log into your Twitter account from a desktop browser and mouse on over to the gear on the upper, right-hand side. That's your drop down menu. You'll want to select Settings.
You'll then see the Twitter settings menu on the left side of your screen, and you should click on Security and privacy.
At this point, you'll see the Security and privacy screen, and you'll notice that Twitter presents you with three options: no authentication, text message authentication, and Twitter app-based authentication.
If you look carefully at the screenshot above, you'll notice that the second and third radio buttons are disabled. As it turns out, there's a slight twist to text-message authentication. You need to add a phone to your Twitter account.
When I originally started to write this article, I decided to create a dummy Twitter account in order to walk you through the steps. So I clicked on the add a phone link above and got the following screen.
I gave it my phone's real number and clicked Activate phone… and got smacked down:
Apparently, Twitter won't let you use the same phone to authenticate multiple accounts. Can't say I'm thrilled with that limitation. Many of us have to maintain multiple Twitter accounts and being unable to use one phone to authenticate any we need to seems an unnecessary limitation. Doing that means that some Twitter accounts will be forced to live without necessary second factor security.
You might have also noticed in that earlier screen where the two authentication radio buttons were grayed out. Not only was the text messaging radio button grayed out, but so was the app-based authentication method. I guessed this was because some setting wasn't set on the Twitter app on my phone.
As it turns out, that was not the case. The Twitter app demands a phone be associated with the account before it will authenticate. I'll take you through that process in a moment, but first, here's the "No way, man!" message Twitter decided to present as soon as I decided to click the Login verification checkbox.
Just in case you missed it, be sure to click the add a phone link before doing anything else. Twitter will verify the phone is yours (and, in my experience, Google Voice numbers don't work reliably).
Finally, go back to the Security and privacy screen and choose the authentication method you want to use. Check Send login verification requests to your number.
When you're done, you'll be asked to enter your password again, and you've got text-message verification set up.
Next: Setting up Android-based app verification
By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at Facebook.com/DavidGewirtz.
Setting up Android-based app verification
Before you start any of this, go ahead and download the official Android or iOS Twitter app. Third party apps will not do you any good when it comes to Twitter verification.
My primary phone is an Android phone, so I'm only able to go all the way with the Android version of the app for verification. That's because Twitter requires a real phone number prior to setting up verification. For the iOS side, I'll get you to the right screens, but it wouldn't hurt for you iOS users to read this section just to see it all the way through.
The first thing you may find when logging in with your Android app is the requirement that you enter a verification code. Since I use text-message based verification, when I opened my Twitter app, I was presented with this screen. Shortly after, I got a text on my phone and had to switch to the message app, get the code, switch back here, and enter it.
To get started, click the three-dot icon on the upper right of your Android screen and then select settings from the drop-down menu.
Now, select the account you want to verify. In my case, it's @DavidGewirtz. Yours will, of course, be your account. You might also notice the option to add an account.
I tried this, thinking I could use this approach to verify a second account, but oddly enough, as soon as you get into the settings and select Security, you're told you need a unique phone number. No joy that way!
In any case, once you tap your user name, you'll be presented with the Settings screen. Scroll all the way down to the bottom, and you'll see Security. Tap that.
Next, the Login verification screen will come up. Click the radio box.
First comes a warning. Tap OK.
Finally, you'll be asked if you want to save your backup code. I would write it down, but I don't like the idea of saving it in my gallery.
Next: Setting up iPhone-based app verification
By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at Facebook.com/DavidGewirtz.
Setting up iPhone-based app verification
Now, let's switch over to the iPhone. I'll take you as far as I can given that I don't have a phone number associated with this old, retired phone. I now use it as an iPod touch to do bedtime reading. It rocks for Kindle reading. Let's get started, though, getting you up to speed.
Open your Twitter app, Tap the Me icon on the bottom, and then the gear icon in the middle of the screen.
Tap settings:
Tap your user account:
Scroll all the way down to the bottom and tap Security.
Finally, turn on Login verification and follow the prompts.
This is as far as I can take you on the iPhone. The rest should be pretty obvious. Congratulate yourself on protecting your Twitter account. It's important that you do this. Make sure to tell your friends as well.
By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at Facebook.com/DavidGewirtz.