Earlier this week, I published a tutorial explaining how to set up 2-factor authentication using Facebook. In this article, we'll do the same in Twitter.
The first factor in Twitter authentication is your user name and password. If you have not changed it since Heartbleed came to the surface, you should, as my ZDNet colleague Steven J. Vaughan-Nichols recommends.
The first factor is something you know, in this case your user name and password. The second factor is something you have: in this case your phone or app-running tablet.
As a second factor, we're going to look at setting up authentication using the Twitter app itself, as well as by setting up text message confirmations.
Setting up text-message verification
Unlike Facebook (which pretty much twists your arm to get you to install its mobile app), you can easily set up text message login verification with Twitter without installing the app. Since the app takes cycles on your mobile device, I'm going to describe it later. First, I'll show you how to set up basic text message verification, which is what I personally prefer to use.
To get started, log in to your Twitter account from a desktop browser and mouse on over to the gear on the upper right-hand side. That's your drop-down menu. You'll want to select Settings.
You'll then see the Twitter settings menu on the left side of your screen, and you should click on Security and privacy.
At this point, you'll see the Security and privacy screen, and you'll notice that Twitter presents you with three options: no authentication, text message authentication, and Twitter app-based authentication.
If you look carefully at the screenshot above, you'll notice that the second and third radio buttons are disabled. As it turns out, there's a slight twist to text-message authentication. You need to add a phone to your Twitter account.
When I originally started to write this article, I decided to create a dummy Twitter account in order to walk you through the steps. So I clicked on the add a phone link above and got the following screen.
I gave it my phone's real number and clicked Activate phone… and got smacked down:
Apparently, Twitter won't let you use the same phone to authenticate multiple accounts. Can't say I'm thrilled with that limitation. Many of us have to maintain multiple Twitter accounts, and being unable to use one phone to authenticate as many as we need seems an unnecessary limitation. It means that some Twitter accounts will be forced to live without necessary second-factor security.
You might have also noticed in that earlier screen that the two authentication radio buttons were grayed out. Not only was the text messaging radio button grayed out, but so was the app-based authentication method. I guessed this was because some setting wasn't set on the Twitter app on my phone.
As it turns out, that was not the case. The Twitter app demands a phone be associated with the account before it will authenticate. I'll take you through that process in a moment, but first, here's the "No way, man!" message Twitter decided to present as soon as I decided to click the Login verification checkbox.
Just in case you missed it, be sure to click the add a phone link before doing anything else. Twitter will verify the phone is yours (and, in my experience, Google Voice numbers don't work reliably).
Finally, go back to the Security and privacy screen and choose the authentication method you want to use. Check Send login verification requests to your number.
When you're done, you'll be asked to enter your password again, and you've got text-message verification set up.