Twitter Releases Two Step Login Verification

Twitter has officially released multifactor (otherwise known as two step) authentication for logging in to user accounts. The company announced on Wednesday that it now supports SMS-based multifactor authentication to verify accounts. This method involves setting up a designated phone number with the Twitter account, so that each time the user wishes to login to the account they are sent a text message with the randomly-generated code that they must enter before gaining access to the account.

We strongly encourage anyone using Twitter to get started with their login verification today. To do so:

  1. Visit your Twitter account settings page.
  2. Select “require a verification code when I login”.
  3. Click on the link to “add a phone” and follow all prompts.
  4. After you’ve enabled the login verification, you’ll be asked to enter the six-digit code that Twitter sends to your phone via SMS each time you try to login.

They also created a great short video on getting started:

The only downside we currently see is that Twitter does not support “page admins” at this time. A company must have one Twitter login to manage a brand page, unlike Facebook and G+ that allow individuals to have their own logins who then have admin access to manage a brand page. This means that the company must enable the login verification set-up with one particular phone, and ensure that whoever needs access to the brand’s Twitter account has access to that phone.

In general, though, we applaud Twitter for releasing two step authentication, and it seems to reflect a greater trend of services implementing improved security options for their users. And we agree with Twitter’s previous statements that companies and individuals also have a responsibility to follow best security practices, which includes the use of a password manager and following through on enabling available security options. We hope to see brands and individuals taking advantage of the new offering.

Will you be enabling Twitter’s two step authentication option? Share your thoughts in the comments below.


  • Blaine Moore says:

    I haven’t seen how well it plays with tools such as Hootsuite; I wouldn’t want to have to verify scheduled tweets every time.

  • Tester5 says:

    Two step login with a SMS… for twitter? I find that incredibly annoying, thanks god it’s optional.

  • burndive says:

    It might be possible to use a smartphone app like Tasker to instantly forward the SMS messages to multiple account admins.

  • Anonymous says:

    Be nice if you didn’t have to use SMS only, phone call?

  • Wayne Lloyd says:

    Disappointing my carrier VirginMobile UK is not supported, I wish they provided support for Google Authenticator

  • Anonymous says:

    In regards to using the new method with multiple admins, the companies could setup a free Google Voice account, set text forwarding to all the admins, and set the google voice number as the number Twitter sends the message to. All the admins would receive the text message when someone went to login.

  • simieski says:

    Shame they’re not using Google Authenticator App. No way I’m giving them my number.

    • David Willow says:

      Agreed. I do not want to use my phone number for anything that I do not have to. It just another thing for someone to lose (or share). Why not use the open source standard??? Even Microsoft is on board with it.

      How a company implements two factor authentication is becoming important enough that it will determine which sites and services I will actually use.