Twitter plans to remove text-message two-factor authentication (2FA) from all accounts except those subscribed to Twitter Blue, effectively putting an essential user protection feature behind a paywall. The good news is that the site offers two other more secure methods of authentication that will remain free.
If you don’t want to pay $8 a month for Twitter Blue ($11 if you’re using the platform on your phone), you can easily move away from SMS authentication to security keys and authenticator apps. You can set up one or both so you don’t have to choose between security and savings.
How to protect your Twitter account with an authentication app
The menu for activating 2FA on your Twitter account is buried under a lot of options, but we can guide you along the path.
On the web, click the More option on the sidebar, open the Settings and support menu, and choose Settings and privacy. Next, go to Security and account access, Security, and finally, Two-factor authentication. If you’re on your phone, the steps are pretty much the same, but you’ll need to start by tapping your profile pic in the top left corner of your screen. Then go to Settings and support.
Once you’re in the two-factor authentication menu, you’ll see three methods you can activate by selecting the checkbox next to them: Text message, Authentication app, and Security key. Since the first one is about to cost money, let’s start with the second one.
The moment you check the box next to Authentication app, Twitter will ask for your password again. This is an extra security measure to make sure it is you making the changes and not someone taking advantage of the fact that you left the library in a hurry and forgot to log out of your account. Click Get started on the next window and the platform will show you a QR code. Keep it open while you set up the app on your phone.
Download and install your authentication app on one of your mobile devices. There are a lot of options to choose from in your gadget’s app store, but we’ll go with the Google Authenticator app (available for Android and iOS) because it’s free and easy to use. If you want to try something else, don’t worry—you’ll find the setup process pretty similar. Once the app is ready to use, open it, tap Get started, and it’ll offer you two options: Scan a QR code and Enter a setup key. The first is the easiest: tap it, give the app permission to use your device’s camera, and use that to scan the code Twitter gave you. Immediately, Google Authenticator will create a new item on a list where you’ll see the name of the account and a six-digit code that expires every 30 seconds.
Back on your computer, click the Next button under the QR code you just scanned, and type in the six digits you see on your authentication app. If the code is blinking red, it will expire soon, so we recommend you wait for the next one to avoid any syncing problems. Click Confirm and you’ll be all set.
If for whatever reason you can’t scan a QR code (maybe you dropped your phone and the cracked glass over the lens won’t let you), you can configure your app using a setup key. On Twitter, right under the QR code, click on Can’t scan the QR code? to reveal a 16-digit key. On Google Authenticator, choose Enter a setup key and type in the code you see on your computer. You’ll also have to provide an account name, just so you know where you’ll be able to use your code in the future. Finish by tapping Add, and on your computer click Next. On the following screen, type in the six-digit code you see on your authentication app, then hit Confirm.
Before you click Done in the next window, Twitter will offer you a single-use backup code to log into your account in case you don’t have access to your authentication app—it’ll come in handy if you lose your device or get locked out of it. Write down your code and store it in a safe place.
You can add as many accounts as you like to your authentication app, and if you get another phone or set up shop on another device, you can easily move your data using a QR code. Just tap the three-dot menu in the top right of your screen and choose Transfer accounts (Android) or Export accounts (iOS).
How to protect your Twitter account with a security key
Authentication apps provide a quick and simple way of protecting your Twitter account. But if you don’t want to download another app or just want to have an extra method of authentication, it’s a good idea to add a security key.
If you’re prone to losing your phone, you can use USB-compatible gizmos that act like a regular key: every time you sign into your account from a new computer, you’ll have to plug in the gadget and tap it to prove you are who you say you are. Depending on the device you have and the ports you have available, you can find security keys that are lightning-, USB-A-, or USB-C-compatible—the last of those three is especially useful, as you’ll also be able to plug it into most mobile devices. Prices vary depending on the brand and the compatibility, but you can find these keys for anywhere between $15 to $70. Whichever you get, make sure they’re compliant with FIDO standards, a protocol widely used in the tech industry and known for its high level of security.
But if you don’t feel like buying a security key, you can always use a phone or tablet as one. Using a device is similar to using a security key: whenever you log into your Twitter account from a new computer, for example, the platform will show you a passkey similar to a QR code. You can then use the camera on your mobile device to scan the code, and you’ll be good to go.
To protect your Twitter account with a security key, click the checkbox next to the option in the Two-factor authentication menu. On the emerging window, click Get started, go to Add key, and you’ll see two options: USB security key and A different device. For a USB key, click the former, plug the key into the relevant port, and touch it to activate it. On the next screen, give your key a name, then click Confirm.
To set up a phone or tablet as your security key, select A different device, and scan the passkey with your device’s camera. It’s possible your device will ask you for a biometric or passcode to unlock it. This will also happen every time you want to use it as a security key. Back on Twitter, name your device, and click Confirm.
Before you’re completely done, both of these options will give you a single-use backup code for whenever you don’t have access to your security keys. Write them down and keep them in a safe place in case you ever need them.
Unlike authenticator apps, you can have as many security keys as you want. Back in the Two-factor authentication menu, click on Manage security keys, go to Add another key, and follow the instructions. You’ll also see a list of the keys you’re already using on your account—click on each of them to rename or delete them.