Evening Standard
Alan Martin

Twitter will soon charge for SMS 2FA — here’s how to protect your account without paying

In a month’s time, one of the mechanisms Twitter uses to protect accounts against hacks will be a premium feature reserved for Twitter Blue users only.

On 20 March 2023, two-factor authentication (2FA) via text message will be turned off for everyone who doesn’t pay £7 per month for Twitter Blue.

The security measure sends a text message with a code to an account’s connected phone number when a login is attempted. The user then has to enter the code to confirm it’s really them attempting to sign in.

But, as Twitter notes in its announcement, while SMS 2FA is better than nothing, it’s wide open to abuse. A determined hacker can use something called SIM jacking or SIM swapping to take control of your phone number, which makes it trivial to impersonate you if they already have a working password.

“While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used — and abused — by bad actors,” the post explains.

What this doesn’t explain is why a security method the site deems insufficient for non-payers is still considered good enough for Twitter Blue subscribers. But the good news is that anybody — paid and free users alike — can sign up for more secure authentication via an app-based solution.

How to use 2FA on Twitter without paying for Twitter Blue

Using an authentication app is a more secure solution than SMS 2FA, though it is a little more inconvenient. Rather than being texted a one-time code, you open the app, which constantly generates 2FA codes for you to type in when you log in, and hackers can’t get at those codes the way they can a text message.

There are several different apps to choose from, with the most popular being Google Authenticator, Microsoft Authenticator and Authy. For the purposes of this guide, we’ll be using the free Google Authenticator app, but the steps should be similar if not identical for the alternatives.

1. Download Google Authenticator for iOS or Android.


2. In a browser, visit Twitter.com, log in and press the ‘More’ button on the left-hand side, followed by ‘Settings and Support’ and then ‘Settings and privacy’.


3. From the next menu, select ‘Security and account access’ and then ‘Security’.


4. Select ‘Two-factor authentication’.


5. Tick the ‘Authentication app’ box. Re-enter your password when prompted.


6. Twitter will generate a QR code. Open Google Authenticator and press the ‘Plus’ button at the bottom right-hand corner of the screen and ‘Scan a QR code’.


7. Scan the code on screen, and it will be added to your app. From now on, every time you log in to Twitter from somewhere new, you’ll be asked to type the code next to the entry in Google Authenticator (it changes every 30 seconds).
