

Secure your Twitter account using 2FA – without paying for Twitter Blue

Protect your Twitter account without lining Elon Musk’s pockets


The tech billionaires are at it again. A few days before Zuckerberg announced the paid-for Meta Verified feature, Twitter announced it is gating features behind its Twitter Blue subscription. Before long, we wonder if you’ll even be able to post without first lobbing eight quid per month into Elon Musk’s gaping maw. For now, though, two-factor authentication (2FA) is under fire – specifically of the SMS-based flavour.

2FA is important. It adds a second step to logins and makes it so someone can’t break into your account with your username and password alone. They’d also need a 2FA security PIN, which changes on a regular basis. If you’re not using 2FA for every account that offers it, you should be.

What makes SMS 2FA different?

With SMS, the code comes by way of a text message. There are concerns about this version of 2FA, notably that it’s vulnerable to SIM-swapping attacks. On Twitter, some have argued it’s beneficial that Twitter is gating SMS 2FA, because it’ll force people to use a properly secure method instead. 

That’s not a good take. Software engineer Ricky Mondello, an expert in usable security, explains why, outlining that friction is the enemy of security. In short, more security is better than less, even when methods are imperfect. 

How to secure your Twitter account for free

Authy can secure loads of apps and services with 2FA.

For Twitter, though, this change is not about security – it’s about money. Sending text messages isn’t free, hence Musk decreeing that SMS 2FA should be part of Twitter’s paid tier. That means your choice is to do without SMS 2FA, pay for Twitter Blue, or use an alternate 2FA method. We strongly recommend the last of those options.

In the future, we’ll be using passkeys. But we live in the present. For most people today, an authenticator app is the best bet. Here’s how to get started:

  1. Download Google Authenticator or Authy. The former is simpler. The latter works with multiple devices – but make sure they’re all secure if you use that functionality. If you use an iPhone, you can instead opt for Apple’s first-party 2FA – in Settings, go to Passwords > Twitter > Set Up Verification Code.
  2. In Twitter on a Mac or PC, go to … > Settings and Support > Settings and Privacy and then Security and account access > Security > Two-factor authentication > Authentication app.
  3. Click Get Started and you’ll see a QR code on the screen. Use your phone’s authenticator app to scan it, which will link the app to your Twitter account.
  4. Head back to Twitter and enter the generated code. Click Confirm. Note down the backup code, in case your phone in future is accidentally catapulted into a ravine or eaten by a giant wasp.
  5. Reflect that app-based 2FA isn’t that hard after all, and resolve to use it for a host of other services as well. LinkedIn, PayPal, Reddit and many more are compatible with Authy, and Google Authenticator is available on iOS/Apple, Android, BlackBerry, or Windows mobile devices.

Craig Grannell, Contributor
