How To Switch Twitter 2FA From SMS To An App

Twitter is making a rather controversial change next month that would prevent the platform's non-paying users from using SMS as the second layer of authentication. Following the policy change, only Twitter Blue subscribers will be able to receive an SMS with a two-factor log-in code in order to access their account. Starting March 20, users that have chosen SMS as the method for two-factor authentication will no longer be able to request two-factor authentication codes via text message.

Moving ahead, they will only be left with two options: a physical security key and a third-party authenticator. Though frustrating, it's arguably a good move for users. Security experts have warned on numerous occasions about the risks associated with SMS, as hackers have repeatedly exploited vulnerabilities to intercept messages carrying security codes. Multiple companies have stopped relying on SMS-based security verification, and even the likes of Google now prefer on-device prompts for Android users instead of SMS-reliant identity verification.

You'll need an authenticator app

If you haven't used an authenticator app before, now's the perfect opportunity to set one up. An authenticator app is a mobile application that generates a temporary code to verify that it is actually you who is trying to log in. Instead of getting an SMS code, or plugging in a physical security key, the authenticator app generates a time-sensitive code.

The good news is that there are plenty of capable authenticator apps out there that are totally free. Twilio Authy is one of the most popular cross-platform authenticator apps, but if you are deep into corporate workflow, Duo Mobile is worth a try. Google Authenticator is a reliable and easy-to-use free option. You can also check out LastPass Authenticator and the Microsoft Authenticator apps.

Once you've installed it on your Android or iOS smartphone, it's time to dive into the security settings of the app or service for which you want to enable two-factor authentication. These apps aren't only useful for Twitter: they can also protect accounts like Gmail and more. Once you've selected the option for using an authenticator app, you will be asked to add that app or service to your authenticator app.

A majority of online services these days generate a QR code, which you need to scan using the authenticator app installed on your phone. Once the code has been scanned, you may be asked to enter the code appearing on your phone's screen. After the initial verification is complete, the authenticator app will store that website's credentials, and you'll get a code from it every time you want to log in later.

Leave behind the SMS flaws

If you don't plan on paying for a Twitter Blue subscription, but are worried about losing two-factor authentication convenience, you can change the method for verification in a few simple steps:

  1. On the Twitter mobile app for Android and iOS, tap on the new round profile icon in the top-left corner of the screen.
  2. In the slide-out window that opens alongside the left edge of the screen, tap on Settings & Support, and then select Settings and privacy.
  3. On the Settings page, tap on Security and account access.
  4. Next, tap Security, followed by two-factor authentication.
  5. You will now see three separate toggles for Text Message, Authentication app, and Security Key.
  6. Flick the toggle for "Authentication app".
  7. You will now be asked to enter your Twitter account's password.

If you already have a third-party app installed on your phone, follow the on-screen prompts to finish the setup. Once done, whenever you try to log into Twitter in future, you'll need both your password and the time-sensitive code generated by the app.