Use two-factor authentication for your Twitter account

If you want to keep hackers away from your Twitter account, two-factor authentication could be just the thing.

Bad things can happen if your Twitter account gets hacked. At best, it annoys and confuses your followers; at worst, your account gets used to spread spam and malware. Ugh. Although nothing can completely stop hack attacks, using two-factor authentication can help.

Two-factor authentication--or as Twitter calls it, "login verification"--adds an additional layer of security when you try to log in to your account. In addition to entering your username and password, you also need to enter a single-use security code, which is usually sent to you via a text message or through the official Twitter smartphone app. This can prevent someone from accessing your account even if they get ahold of your username and password.

Twitter has a couple of methods of supplying you with a security code, and the setup process is slightly different depending on which method you choose.

Getting verification codes via text message

To get your login verification codes in text messages, start by visiting and log in with your username and password. Next, click the gear icon in the upper right corner, and choose Settings from the menu that appears. On the next page, select Security and Privacy from the list on the left-hand side, then look for the Login Verification section under the Security heading.

At this point, select the button labelled Send login verification requests to my phone. Twitter will send you a test text to make sure your phone can receive messages and ask you to make sure you got it. Once you do, Twitter will ask you for your password: Enter it when prompted and press Save Changes.

If the button is grayed out, you will have to add a phone number to your Twitter account. If that's the case, select Mobile from the list along the left-hand side of the window. Choose your country or region from the list, enter your cellphone number in the Phone number box, then press Activate phone.

Twitter will then ask you to send a text from your phone to activate it: Once you do--and once Twitter receives it--you'll get various options for receiving text message updates. You can adjust these now or come back to them later, but once you do, go back to the Security and Privacy section and set up login verification as described above.

Once you're set up, you'll get a text message that contains a six-digit verification code whenever you try to log into your account. Enter it when prompted, then press Submit. You will not have to log back into any Twitter client apps that are already associated with your account, but if you install a new Twitter client app on any of your devices, things get a little complicated.

If you want to log in using a Twitter client after turning on login verification, you will need to log in using a temporary password. To do so, go to the settings page on, select Password from the list on the left-hand side, then look for the Generate button in the upper right corner. Twitter will ask you to enter your regular password: Do as instructed, then press the Generate button, and Twitter will give you a temporary password you can use to log in using the app of your choice.

The temporary password does not replace your regular password: It's only to log into apps that don't directly support Twitter's login verification system, and it expires in one hour.

Getting verification codes through Twitter's mobile app

To use this option, you need to first install Twitter's official smartphone app for Android and iOS; you can get it from the Google Play store and the App Store, respectively. Open the app and sign in if asked, then tap the Me button in the black toolbar to get to your profile.

Next, click the gear icon on your profile page, then tap Settings. Tap Security on the settings screen, then toggle the slider labelled Login verification. You'll be asked to confirm that you want to use this phone to receive verification codes; if you do, tap the Confirm button. At this point, Twitter will switch on login verification for your phone, and you'll need to have your phone with you to log into Twitter.

Once you set up your account to receive verification codes through the Twitter app, you'll want to make note of your backup code, which you can use to get into your account as a last resort. Go back to the Security pane in the app, tap Backup Code, and write down the alphanumeric code that appears. Keep this in a safe place!

Stories by Nick Mediati