Share:

How to Setup Twitter Two-Factor Authentication with 1Password’s Built-In Generator [u]

Share:

Today Twitter announced new methods for users to secure their accounts, now supporting third party apps for setting up two-factor authentication.

This means you can now disable SMS verification codes (which can be compromised if someone takes over your mobile number) and rather use a third party app, such as 1Password (your 1Password vault can be stored in iCloud), which has a built-in one-time password token generator.

Here’s how to setup your Twitter account to start using 1Password’s built in one-time password generator. This method is preferred since if you get a new phone number or device, you won’t need to set it up again as it will stay within 1Password (one of the best password managers out there).

1. Login to Twitter.com and click on your profile icon, then click Settings and privacy.

Screenshot 2017 12 20 15 22 58

2. From here, click on Account, then go to Security and click ‘Review your login verification methods’:

Screenshot 2017 12 20 15 15 31

Screenshot 2017 12 20 15 15 18

3. From here, you’ll want to click ‘Set up’ under ‘Mobile Security app’ (the screenshot below says Edit because I already set mine up):

Screenshot 2017 12 20 15 26 23

4. Next, you’ll see a QR code pop up on the screen. Hang tight.

5. Go grab your iPhone and launch 1Password. Find your Twitter login (create one if you don’t already have one), hit ‘edit’ and then tap the green ‘+’ icon next to ‘Add new one-time password’, then tap the QR code icon:

IMG 0740 IMG 0741

6. The iPhone camera will pop up within 1Password—just point your phone at the QR code on Twitter.com then hit done.

7. You’ll now see a one-time password generator, creating six-digit codes every 30 seconds. Enter the current code shown on Twitter.com to verify the process and to ensure the token generator works. Done.

The next time you need to login to Twitter.com and it asks for a verification code, launch 1Password and copy the latest one-time password to confirm your two-step login. That’s it.

It’s always prudent to setup two-step security for all your apps and logins if it’s available. Take the time to do this to secure your Twitter account.

Update: As noted by iPhone in Canada readers, true two-factor authentication means not having your token generator residing next to where your password is stored, such as in this example with 1Password. But having two-factor enabled is still better than not, if you’re okay with having 1Password store both your password and one-time password generator.

Share:

  • Speaking as a cybersecurity professional, you’ve got this one entirely wrong. How can it be a second factor if your regular password and one-time password are both stored in exactly the same place? This is a common misunderstanding of how two-factor authentication works.

    A second factor is only valid if it’s a separate device, like a hardware FIDO key, or Google Authenticator app.

  • Rob Raymond

    I completely agree with you, convenience over security. Just enabling 2FA, even if it sits side by side with your password on the same device, is still better than nothing though.

  • Thanks, we’ve updated the article.

  • Nathan

    Authenticator code has been available for a long time. It is just now that Twitter allows you to opt out of SMS. Prior to yesterday, you can utilise both SMS and authenticator code. Too bad Twitter dropped Push Notification for 2FA.

Deals