Twitter finally makes an important security change that helps everyone
Here's everything you need to know about the change to two-factor authentication codes.
Jason CiprianiContributing Writer, ZDNet
Jason Cipriani is based out of beautiful Colorado and has been covering mobile technology news and reviewing the latest gadgets for the last six years. His work can also be found on sister site CNET in the How To section, as well as across several more online publications.
Two-factor authentication, widely considered a best practice when it comes to keeping your online accounts secure, adds an extra layer of security to your online accounts by requiring a six-digit number after you've entered the correct password for your account. Originally, two-factor codes were delivered primarily via text message, but that's proven to be problematic. For example, Twitter CEO Jack Dorsey's account was hacked in August.
The person(s) who had control of his account posted hateful messages before they were deleted. They were able to gain access to his account and get around two-factor authentication by switching the SIM card linked to his phone number and then receiving the SMS two-factor authentication code in a practice commonly referred to as SIM swapping.
With Twitter dropping the requirement, you can now opt to receive its 2FA codes strictly through third-party apps or a dedicated security key. Not only is this more secure, but you'll also be able to access your codes even if your phone can't receive text messages, like on a long flight. If you already have 2FA enabled on your Twitter account, or you've been holding out until the company ditched the SMS requirement, here's what you need to know.
Watch this: Twitter lets you hide replies, Google makes it easier to get movie tickets
Set up 2FA for your Twitter account
If you haven't taken the time to set up two-factor authentication for your Twitter account, now is as good a time as any. It only adds a few seconds to the login process, but goes a long way toward keeping your account secure. We're going to cover setting up 2FA with an authentication app like Google Authenticator or 1Password. If you aren't sure which app to use, we have a guide of the top password managers, most of which include authentication features.
You'll be shown three different options: Text message, Authentication app and Security key. Select Authentication app.
The rest of the process will vary depending on which app you're using but generally consists of scanning a QR code created by Google that will allow the app to create your 2FA codes. After scanning the QR code, you'll be asked to enter the six-digit number displayed in your app to verify it's set up correctly.
Going forward, anytime you log into your Twitter account, you'll be asked for your 2FA code after entering your password. Again, it adds a couple of seconds to the process, but it's worth it.
Stop Twitter from sending text message 2FA codes
If you already have two-factor authentication set up on your account and use an authenticator app, it's a good idea to disable text message codes. This will prevent the possibility of someone gaining access to your account via SIM swapping.