Why you can trust ZDNET
:ZDNET independently tests and researches products to bring you our best recommendations and advice. When you buy through our links, we may earn a commission.Our process
'ZDNET Recommends': What exactly does it mean?
ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.
When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.
ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.
With all of Twitter's ever-growing technical problems, I'd missed an elephant in the room-sized disaster. Fortunately, a friend reminded me that many people use Twitter's log-in as their login for other websites. Eep! You need to stop doing that right now.
Musk may be great at launching rockets, but that may not translate to accuracy in identifying microservices bloatware. One or more of those services was essential to 2FA (two-factor authentication) using text messages. Text, aka SMS, 2FA is the most commonly used form of 2FA. The result of this removal is that if you had 2FA set to protect your account from hackers, you can no longer use it to change your password or log back in if you thumb-finger your password.
So much for Twitter. But, what's potentially even worse is if you use Twitter for single-sign-on (SSO) on other sites, you could also be blocked from them. As Coldwater tweeted, "If you have any apps or sites you log in to connected to your Twitter account via OAuth, I STRONGLY recommend changing that right now while you still can."
To change your Twitter 2FA, go to Settings & Support > Settings & Privacy > Security & Account Access > Security > Two-factor authentication.
If text has been chosen for your 2FA method, switch from that to either an authenticator app or a security key. Just follow the instructions, and you should be fine… for now.
Another thing to keep in mind: You often see SSOs as an invitation on sites as an easy way to log in without creating yet another password. Instead, you just use your Google, Microsoft, Facebook, Apple, or Twitter login name and password instead.
That's fine. If you trust the major site to stay stable and protect your data. But in the current circumstances, Twitter isn't trustworthy in that sense.
You should immediately go to those sites where you use Twitter to log in and replace it with something -- anything -- else. To find out which sites you're using Twitter as your SSO for, go to the Twitter app or website and check Settings & Support > Settings & Privacy > Security & Account Access > Apps & sessions.
Once there, check Connected Apps for applications that have read-write permissions to Twitter or vice versa. Then, check Account access history for sites that have used Twitter for logins recently.
Armed with this information, go to the sites and services you've found and switch to another, more stable login and password. The way things are going, it's only a matter of time before there's another Twitter tech crackup, and you don't want to be locked out of other sites when -- not if -- Twitter fails.