Today, Twitter has announced an update to two-factor authentication (2FA) which finally brings support for third-party apps.
Twitter’s login verification feature will let you rely on apps like Google Authenticator and Authy. Previously, users would have to rely on a code sent via text message.
This is important because SMS-based 2FA, although it’s tied to an individual phone number, uses static codes. This means that those codes could be intercepted by an attacker, as there could be multiple ways to gain access to your incoming SMS messages without having physical access to the device.
We’re rolling out an update to login verification.
You’ll now be able to use a third party app for two-factor authentication instead of SMS text messages.https://t.co/UXl3xKLEaG
— Twitter Safety (@TwitterSafety) December 20, 2017
With 2FA apps like Google Authenticator, the codes disappear in about 30 seconds, making it a more secure way to verify your identify and access your account.
Twitter is still requiring that users provide a phone number to set up 2FA because it is used for account recovery. If you are interested in using a third-party app with Twitter’s 2FA, you can follow the instructions on the company’s login verification support page.