Twitter recently announced that they will stop allowing the use of SMS-based two-factor authentication for their service, except for Twitter Blue subscribers. This $8 a month service offers a blue checkmark (though not actual verification), the ability to edit tweets, and more. This change will take place on March 20, 2023, and, if you are using SMS-based two-factor authentication (2FA) at that time, Twitter will turn it off, rendering your account less secure.
SMS-based 2FA is not very secure – SMSes can be intercepted, and SIM cloning can allow people to pretend they have your phone – and the other methods available are much more robust. But Twitter’s decision to turn off SMS-based 2FA is dangerous, and their choice to allow it to be used for a price is misguided.
If you have SMS-based 2FA on Twitter, you should change this to use an authenticator app, and there’s one built into macOS, iOS, and iPadOS. Here’s how to do this on Mac, iPhone, or iPad.
About Twitter’s 2FA
Two-factor authentication, or 2FA, protects your account by requiring that, to log into a website or service, you must enter something you know, your user name and password, and something you have, such as a one-time code. These codes can can be sent by email or SMS, or can be generated by authenticator apps. It’s also possible to use a security key, a sort of dongle that works as a physical key generator.
The uptake of two-factor authentication on Twitter is quite low; as of December 2021, only 2.6% of active accounts used 2FA, and, of these, 74.4% used SMS-based 2FA, 28.9% used an authenticator app, and, only 0.5% used a security key. (Twitter notes that accounts can have multiple 2FA methods set up.) Twitter has offered these three methods of 2FA for many years, and most people choose SMS because it is simpler and does’t require additional software.
If you don’t currently use 2FA on Twitter, you should. If the password you use for Twitter is weak, or if you reuse a password that may have shown up in a data breach, 2FA prevents hackers from taking control of your account. For many people, this includes not just tweets but also direct messages, which may contain personal information.
In addition, 2FA can help protect you from phishing. If you do get tricked into entering your user name and password on a phishing site, hackers won’t be able to get into your account without the code that you generate.
While SMS is insecure, Ricky Mondello, a software engineer at Apple who works on security and passwords, points out that “SMS 2FA provides value, despite its flaws.” They explain that not everyone is targeted by hackers, and that weak passwords can be protected by any form of 2FA, even SMS. And they point out that SMS-based two-factor authentication is “relatively usable and accessible: lots of people understand what it means to give a service like Twitter their phone number and can figure out how to enter a code that’s texted to them.”
Why Twitter is making this change to two-factor authentication
Since Elon Musk bought Twitter for the inflated price of $44 billion, he has attempted to cut costs as much as possible. He recently said on Twitter that “Twitter is getting scammed by phone companies for $60M/year of fake 2FA SMS messages.”
SMS messages are not free, and it’s not clear whether Twitter is really “getting scammed,” but deciding to throw away security in this way seems shortsighted. While only a small percentage of Twitter users have 2FA turned on, and getting people to use an authenticator app instead of SMS is a good thing, the fact that Twitter is leaving SMS authentication available for a fee makes little sense. Essentially, paying users get lower security, if they wish, while users who don’t pay and want to use 2FA will be more secure.
Twitter could have switched their SMS two-factor authentication to email-based codes, which they use when they verify email addresses. This would be more or less free – there’s only minimal bandwidth costs for email, whereas there are carrier costs for SMS – and this is more secure than SMS.
In addition, Twitter users may go for months, or even years without needing to enter a new code. You only need to enter a code when logging in on a new device or a new browser. I can’t remember the last time I had to enter a 2FA code for my Twitter account.
It is possible that these “fake 2FA SMS messages” are sent when scammers try to log into accounts that are protected with 2FA. Perhaps a hacker has a username and password, and attempts to access an account, or tries to reset a password; at that point, an SMS is sent to the user.
How to set up Twitter’s two-factor authentication with an authenticator app
Setting up 2FA on Twitter is simple. On the Twitter website, tap or click the … icon, choose Settings and Support, then Settings and Privacy. Tap or click Security and Account Access, then Security.
In the Twitter app, tap or click your avatar, then Settings and Support, then Settings and Privacy.
The Two-Factor Authentication section allows you to manage this feature.
You can see the three options currently available: Text message, Authentication app, and Security key. You can also see, under Additional methods, a Backup codes section, which I discuss at the end of this article.
Tap or click the Authentication app checkbox. Follow the instructions, and, if you haven’t already confirmed your email address, Twitter will send you a confirmation email. Enter the code in this email. Twitter explains the steps for setting up two-factor authentication.
Twitter then displays a QR code; use the authenticator app on your phone to scan this code, then generate a code and enter it on the Twitter website. (I discuss authenticator apps below.)
If you can’t scan the QR code, click the link below it to get a long alphanumeric code that you enter in your authenticator app.
Each time you log into Twitter on a new device or in a new browser, you’ll need to enter your user name, password, and a unique code that you generate.
Using the Apple Keychain as an authenticator app
To perform the above, you need an authenticator app, but you can also use the Keychain, which is built in to macOS, iOS, and iPadOS. Since macOS Monterey and iOS 15, the Keychain has supported two-factor authentication codes, and the information syncs across your devices via iCloud. As long as you don’t need to log in on an Android or Windows device without having an Apple device handy, you will never need anything else.
To do this on a Mac, go to Safari > Settings, click Passwords, enter your Mac’s password or use Touch ID, then find the Twitter account in the passwords list. Click Edit, then click Enter Setup Key:
On an iPhone or iPad, go to Settings, scroll down a bit and tap Passwords, then search for the Twitter account you want to protect. Tap that entry, then, under Account Options, tap Set Up Verification Code. You have two options:
Choose Enter Setup Key, and enter the alphanumeric key that Twitter provides.
Whether you’ve done this on a Mac, iPhone, or iPad, you’ll now be prompted by Twitter to generate a code, to confirm that the process has worked. Enter that code to confirm, then click Verify.
Using other authenticator apps
You can use third-part authenticator apps, which we discuss in this article, such as Google Authenticator, Microsoft Authenticator, or Authy, and others. These apps all do nothing other than generate codes; they don’t store your passwords. You set up all your accounts that use 2FA in one of these apps, and, when you need a code, you generate it, then enter it on the website.
You can also use password managers, such as 1Password, Dashlane, or BitWarden to generate 2FA codes. With these apps, you can have your passwords and your two-factor code generators together.
Some authenticator apps and password managers have companion Apple Watch apps which allow you to generate codes on your wrist; this can be useful for sites where you need 2FA codes each time you log in. This isn’t the case with Twitter; you only need to enter a code the first time you log in with a new device or browser.
Creating backup codes
After you’ve set up 2FA, you should go back to the main Two-factor authentication page. Under Additional methods, you’ll find a link to backup codes. Click this, and Twitter generates a code made up of 12 alphanumeric characters. Copy this code and store it in a safe place, such as a password manager or secure notes app. You can generate multiple codes by clicking Generate a new code several times; it’s a good idea to save several of these, in case you have problems generating one-time codes. You can only use each of these codes once.
Bottom line
While Twitter’s sudden decision risks making many user accounts less secure, the publicity around this change could prompt more users to adopt 2FA on Twitter; the low percentage of accounts protected this way shows how weak the service’s security is. You should protect all accounts that offer this feature with two-factor authentication, and there are tools built into Apple’s operating systems that make this simple.
The above is the detailed content of How to set up Two. For more information, please follow other related articles on the PHP Chinese website!
How to Summarize Webpages in Safari for MacMay 09, 2025 am 10:47 AMSafari browser's powerful web simplification feature: use Apple Intelligence to read efficiently! One of the built-in Apple Intelligence features of Safari browser is the web snippet feature. Whether the content of a web page is a long-lasting or a normal website, Apple Intelligence can quickly generate summary, helping you quickly understand web page content and save time. This feature is very convenient to use in Safari for Mac. How to use the web ssummary feature in Safari for Mac? If you are using an Apple Silicon Mac with MacOS Sequoia 15 or later
How to Fix Spotlight Search Issues on MacOS SequoiaMay 09, 2025 am 10:36 AMA fair number of Mac users have discovered that Spotlight Search is not working well in MacOS Sequoia, either missing files, apps, and sometimes not working at all to find any local file. For some users the issues with Spotlight happens right after t
How to Customize Safari on Mac? How to Personalize It on MacBook Air/Pro?May 09, 2025 am 10:35 AMPersonalize Your Safari Experience on MacBook: A Comprehensive Guide You can easily customize Safari on your MacBook to enhance your browsing experience. This guide provides a step-by-step approach to personalize various aspects of Safari, from the t
![How to Silence Notifications on iPhone? [Mute Messages & Apps on iOS]](https://img.php.cn/upload/article/001/242/473/174675709271104.jpg?x-oss-process=image/resize,p_40)
How to Silence Notifications on iPhone? [Mute Messages & Apps on iOS]May 09, 2025 am 10:18 AMSilence iPhone Notifications: 6 Ways to Find Your Peace Need a break from the constant buzz of iPhone notifications? This guide offers six methods to silence your iPhone, from quick toggles to scheduled quiet time. Let's dive in! 1. Focus Mode: The
How to Record Calls on iPhoneMay 09, 2025 am 10:15 AMThe new iPhone call recording function added in iOS 18.1 and above makes recording easier than ever! Just tap the recording button on the screen to start recording. This button is on the same screen as the speaker, mute and hang up buttons, making it convenient and fast. After the recording starts, the system will automatically play the prompt tone to inform both parties that the recording is being recorded, but it is best to confirm it verbally to show respect. Say goodbye to the past tedious recording methods, such as using a three-party call to transfer to a voice mail or recording with a Mac computer. Call content recorded on iPhone will be automatically saved in the memo app and saved with the title "Call with (Contact Name or Phone Number)" so that you can listen back, view voice to text records at any time, and add
RC of MacOS Sequoia 15.2, iOS 18.2, iPadOS 18.2, Released for TestingMay 09, 2025 am 09:55 AMApple released the iOS 18.2, MacOS Sequoia 15.2, and iPadOS 18.2 version candidates (RC) for all users participating in the Apple Systems Software Beta Test Program. The RC version is usually the final version of the Beta version before its public release, which indicates that the official version of iOS 18.2, iPadOS 18.2 and MacOS Sequoia 15.2 will be released soon. In addition to regular bug fixes and security enhancements, these upcoming software updates focus on bringing new Apple Intelligence features to compatible devices, including Imag
MacOS Sequoia 15.1.1 with Security Fixes Available NowMay 09, 2025 am 09:40 AMApple released the macOS Sequoia 15.1.1 update, a small software update that mainly contains important Mac security fixes. This update does not contain any new features, but fixes multiple security vulnerabilities that are being actively exploited, so it is highly recommended that you install this important update on your Apple device. In addition, Apple has released iOS 18.1.1 for iPhone, iPadOS 18.1.1, visionOS 2.1.1, and iOS 17.7.2 and iPadOS 17.7.2, all of which include the same security patches. How to download and install mac
Mist Makes Downloading MacOS Installers & Firmwares EasyMay 09, 2025 am 09:37 AMMist: A powerful tool for easy downloading of macOS installers and firmware Many Mac users, IT staff and system administrators like to keep abreast of macOS installation programs, including current and previous versions of macOS system software. Additionally, many advanced Mac users and IT professionals need to access macOS IPSW firmware files at any time to restore Apple Silicon Macs, use them for virtual machines, and even for deployment, troubleshooting, or simple reconfiguration and setup of your Mac. This is where the free Mist tool comes into play, it makes it very easy to download any available macOS IPSW firmware file or any version of macOS installer. Although we maintain it
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 English version
Recommended: Win version, supports code prompts!
SublimeText3 Mac version
God-level code editing software (SublimeText3)
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
