In a month’s time, one of the mechanisms Twitter uses to protect accounts from being hijacked will become a premium feature reserved for Twitter Blue subscribers.
Two-factor authentication (2FA) via text message will be switched off on 20 March 2023 for everyone who doesn’t pay £7 per month for Twitter Blue.
The security measure sends a text message with a code to an account’s connected phone number when a login is attempted. The user then has to enter the code to confirm it’s really them attempting to sign in.
But, as Twitter notes in its announcement, while SMS 2FA is better than nothing, it is widely open to abuse. A determined attacker can use SIM swapping (also called SIM jacking), persuading or bribing the mobile carrier into moving your phone number onto a SIM they control, so that the login codes arrive on their handset instead of yours. If they already have a working password, that makes impersonating you trivial.
“While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used — and abused — by bad actors,” the post explains.
What this doesn’t explain is why a security method the site deems insufficient for non-payers is still considered good enough for Twitter Blue subscribers. But the good news is that anybody — paid and free users alike — can sign up for more secure authentication via an app-based solution.
How to use 2FA on Twitter without paying for Twitter Blue
Using an authentication app is more secure than SMS 2FA, though it is a little less convenient. Rather than being texted a one-time code, the app stores a secret that you load onto the phone once (by scanning a QR code) and uses it to compute a fresh code every 30 seconds. Nothing travels over the phone network, so there is no message for a SIM swapper to intercept. One caveat: a code of either kind can still be phished, since a fake login page can ask for it and relay it within its short lifetime, so check the address bar before typing one in.
There are several different apps to choose from, with the most popular being Google Authenticator, Microsoft Authenticator and Authy. For the purposes of this guide, we’ll be using the free Google Authenticator app, but the steps should be similar if not identical for the alternatives.
1. Download Google Authenticator from the App Store (iOS) or Google Play (Android).
2. In a browser, visit Twitter.com, log in and press the ‘More’ button on the left-hand side, followed by ‘Settings and Support’ and then ‘Settings and privacy’.
3. From the next menu, select ‘Security and account access’ and then ‘Security’.
4. Select ‘Two-factor authentication’.
5. Tick the ‘Authentication app’ box. Re-enter your password when prompted.
6. Twitter will generate a QR code. Open Google Authenticator and press the ‘Plus’ button at the bottom right-hand corner of the screen and ‘Scan a QR code’.
7. Scan the code on screen, and the account will be added to your app. From now on, every time you log in to Twitter from somewhere new, you’ll be asked to type the code shown next to the entry in Google Authenticator (it changes every 30 seconds). Before leaving the Two-factor authentication page, also generate a backup code from the same menu and store it somewhere safe; if you lose the phone, that code is what gets you back in.
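To show what the QR code in step 6 actually hands to the app, and why the codes it produces in step 7 are not something a SIM swapper can intercept, here is an added example of the underlying mechanism (RFC 4226 HOTP / RFC 6238 TOTP). It is not code from the article or from Twitter or Google; the `otpauth://` URI, the account label and the issuer are constructed for illustration, and the secret is the reference secret from RFC 6238, not a real account key. The QR code is just this URI: once scanned, the shared secret lives only on the phone and on Twitter's server, and each six-digit code is an HMAC of the current 30-second time step, computed locally on both sides.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed example of what an enrolment QR code encodes (Google Authenticator
# key URI format). The secret is RFC 6238's reference value "12345678901234567890"
# in base32; the label and issuer are made up for this example.
EXAMPLE_URI = (
    "otpauth://totp/Twitter:%40example?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    "&issuer=Twitter&digits=6&period=30"
)


def parse_otpauth(uri):
    """Pull the shared secret and parameters out of an otpauth:// URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    q = parse_qs(parsed.query)
    secret_b32 = q["secret"][0].upper()
    # Many issuers strip base32 padding; Python's decoder wants it back.
    secret_b32 += "=" * (-len(secret_b32) % 8)
    return {
        "label": unquote(parsed.path.lstrip("/")),
        "secret": base64.b32decode(secret_b32),
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
        "algorithm": q.get("algorithm", ["SHA1"])[0].upper(),
    }


def hotp(secret, counter, digits=6, algorithm="SHA1"):
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    digestmod = getattr(hashlib, algorithm.lower())
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                       # low nibble of last byte picks a window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, unix_time, period=30, digits=6, algorithm="SHA1"):
    """RFC 6238: HOTP with the counter set to the current 30-second time step."""
    return hotp(secret, int(unix_time) // period, digits, algorithm)


def verify_totp(secret, submitted, unix_time, period=30, digits=6, window=1):
    """Server-side check. Accepts the current step plus/minus `window` steps so a
    phone whose clock drifts slightly still works; compares in constant time."""
    step = int(unix_time) // period
    return any(
        hmac.compare_digest(hotp(secret, c, digits), submitted)
        for c in range(step - window, step + window + 1)
    )


if __name__ == "__main__":
    params = parse_otpauth(EXAMPLE_URI)
    now = time.time()
    code = totp(params["secret"], now, params["period"], params["digits"], params["algorithm"])
    remaining = params["period"] - int(now) % params["period"]
    print(f"{params['label']}: {code} (valid for another {remaining}s)")
```

Because the code is derived from the secret and the clock rather than delivered to you, taking over your phone number gains an attacker nothing; the only things worth stealing are the secret itself (hence the advice to keep the phone locked and the backup code safe) or a live code typed into a phishing page.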