Today Twitter announced new methods for users to secure their accounts, now supporting third-party apps for setting up two-factor authentication.
This means you can now disable SMS verification codes (which can be compromised if someone takes over your mobile number) and use a third-party app instead, such as 1Password (your 1Password vault can be stored in iCloud), which has a built-in one-time password token generator.
Here’s how to set up your Twitter account to start using 1Password’s built-in one-time password generator. This method is preferred since if you get a new phone number or device, you won’t need to set it up again as it will stay within 1Password (one of the best password managers out there).
1. Log in to Twitter.com and click on your profile icon, then click Settings and privacy.
2. From here, click on Account, then go to Security and click ‘Review your login verification methods’:
3. From here, you’ll want to click ‘Set up’ under ‘Mobile Security app’ (the screenshot below says Edit because I already set mine up):
4. Next, you’ll see a QR code pop up on the screen. Hang tight.
5. Go grab your iPhone and launch 1Password. Find your Twitter login (create one if you don’t already have one), hit ‘edit’ and then tap the green ‘+’ icon next to ‘Add new one-time password’, then tap the QR code icon:
6. The iPhone camera will pop up within 1Password—just point your phone at the QR code on Twitter.com then hit done.
7. You’ll now see a one-time password generator, creating six-digit codes every 30 seconds. Enter the current code shown on Twitter.com to verify the process and to ensure the token generator works. Done.
The next time you need to log in to Twitter.com and it asks for a verification code, launch 1Password and copy the latest one-time password to confirm your two-step login. That’s it.
It’s always prudent to set up two-step security for all your apps and logins if it’s available. Take the time to do this to secure your Twitter account.
Update: As noted by iPhone in Canada readers, true two-factor authentication means not having your token generator residing next to where your password is stored, such as in this example with 1Password. But having two-factor enabled is still better than not, if you’re okay with having 1Password store both your password and one-time password generator.