Twitter Expands 2FA Options to Third-Party Authenticator Apps

Twitter has improved its security profile by widening two-factor authentication (2FA) for users. Twitter fans can now use supported third-party security options instead of SMS, including Google Authenticator, Duo Mobile, Authy, 1Password and others.

Twitter’s announcement was simple and made via, of course, a tweet:

“We’re rolling out an update to login verification. You’ll now be able to use a third party app for two-factor authentication instead of SMS text messages.”

As with most 2FA, when it’s enabled, a user who logs in to Twitter, including through Twitter for iOS or Twitter for Android, will be asked to enter a six-digit login code as an extra layer of verification. By default, this is sent via SMS text message—but the addition of third-party apps expands convenience and choice for the Twitterati.

To set it up, account holders can go to privacy settings, and within the account security area, enable 2FA using a mobile number. Once it’s enabled, users can control their options using a slider on that same account security page. It will be set to “text message” by default, but users can instead turn on the option for “security app.”

If a user is already logged in, he or she won’t be logged out of any existing sessions once login verification is enabled. If the user happens to log out of a third-party application associated with the Twitter account, he or she will need to log back in using a temporary password instead of the usual username and password combination.

According to Graham Cluley, writing for Tripwire, the benefits are obvious.

“From now on, whenever you try to login to your Twitter account you will be asked for the six-digit login verification code from your authenticator app after you have entered your username and password,” he said. “Even if your password is compromised in future, hackers are going to find it considerably more difficult to access your account.”
