Tutorial: Twitter 2-factor authentication, step-by-step

Tutorial: Twitter 2-factor authentication, step-by-step

Summary: Making sure you keep your Twitter account safe is incredibly important. This step-by-step, screenshot-by-screenshot article by our own David Gewirtz should make it easier to be safer.

SHARE:
TOPICS: Security
0

Earlier this week, I published a tutorial explaining how to set up 2-factor authentication using Facebook. In this article, we'll do the same in Twitter.

The first factor in Twitter authentication is your user name and password. If you have not changed it since Heartbleed came to the surface, you should, as my ZDNet colleague Steven J. Vaughan-Nichols recommends.

The first factor is something you know, in this case your user name and password. The second factor is something you have: in this case your phone or app-running tablet.

As a second factor, we're going to look at setting up authentication using the Twitter app itself, as well as by setting up text message confirmations.

Setting up text-message verification

Unlike Facebook (which pretty much twists your arm to get you to install its mobile app), you can easily set up text message login verification with Twitter without installing the app. Since the app takes cycles on your mobile device, I'm going to describe it later. First, I'll show you how to set up basic text message verification, which is what I personally prefer to use.

To get started. log into your Twitter account from a desktop browser and mouse on over to the gear on the upper, right-hand side. That's your drop down menu. You'll want to select Settings.

TWauth20140414_aa

You'll then see the Twitter settings menu on the left side of your screen, and you should click on Security and privacy.

TWauth20140414_ab

At this point, you'll see the Security and privacy screen, and you'll notice that Twitter presents you with three options: no authentication, text message authentication, and Twitter app-based authentication.

TWauth20140414_ac

If you look carefully at the screenshot above, you'll notice that the second and third radio buttons are disabled. As it turns out, there's a slight twist to text-message authentication. You need to add a phone to your Twitter account.

When I originally started to write this article, I decided to create a dummy Twitter account in order to walk you through the steps. So I clicked on the add a phone link above and got the following screen.

TWauth20140414_ad

I gave it my phone's real number and clicked Activate phone… and got smacked down:

TWauth20140414_ae

Apparently, Twitter won't let you use the same phone to authenticate multiple accounts. Can't say I'm thrilled with that limitation. Many of us have to maintain multiple Twitter accounts and being unable to use one phone to authenticate any we need to seems an unnecessary limitation. Doing that means that some Twitter accounts will be forced to live without necessary second factor security.

You might have also noticed in that earlier screen where the two authentication radio buttons were grayed out. Not only was the text messaging radio button grayed out, but so was the app-based authentication method. I guessed this was because some setting wasn't set on the Twitter app on my phone.

As it turns out, that was not the case. The Twitter app demands a phone be associated with the account before it will authenticate. I'll take you through that process in a moment, but first, here's the "No way, man!" message Twitter decided to present as soon as I decided to click the Login verification checkbox.

TWauth20140414_af

Just in case you missed it, be sure to click the add a phone link before doing anything else. Twitter will verify the phone is yours (and, in my experience, Google Voice numbers don't work reliably).

TWauth20140414_ag

Finally, go back to the Security and privacy screen and choose the authentication method you want to use. Check Send login verification requests to your number.

TWauth20140414_ah

When you're done, you'll be asked to enter your password again, and you've got text-message verification set up.

TWauth20140414_ai

Next: Setting up Android-based app verification

By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at Facebook.com/DavidGewirtz.

Topic: Security

About

David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion