Set up two-step verification using Twitter's mobile apps
Twitter updated the iOS and Android versions of its mobile apps today, making it possible to approve log-in attempts using push notifications.
to its Android and iOS mobile apps. Included in the update was the option to bypass the originally launched back in May.
Now users have the option to approve log-in requests more directly via their mobile device, instead of relying on a text message containing a short code.
After updating you'll need to launch the app and head to the Settings page. On iOS, you can tap on the "Me" tab along the bottom, then the gear icon and select "Settings"; Android users will need to tap on the "Me" tab, then the gear icon, and select "Settings," then your account name.
Once you've arrived to the correct screen you'll find a Security option. Select it and check the box next to "Login verification."
You'll be prompted to confirm that you want to enable the feature, and reminded to store the backup code in a safe place. I suggest taking a screenshot of it and storing it in Dropbox or somewhere safe you'll be able to access should you lose your phone. Without your phone, the only way to gain access to your account is by using this backup code.
After enabling log-in verification on your mobile device, the next time you attempt to log in using a new app or unrecognized browser you'll receive a push alert on that device. Upon opening the alert you'll be presented with the location and app trying to access your account, along the option to approve or deny the request. Tapping on the checkmark approves the request and the browser or app should automatically redirect you, with a logged-in account in tow.
Oddly, the option to generate temporary passwords when logging in to certain apps -- such as iOS -- has been removed from Twitter's application settings page, but iOS refuses to accept my current password, along with my backup password. Hopefully this is just a launch glitch that will be cleared up soon.
You can only have the log-in verification active on one device at a time, so this still doesn't provide a solution for accounts that are managed by multiple people from different devices.
Are you going to set up this form of verification, or are you going to stick to the SMS-based method?