If you still haven’t properly secured your Twitter account with two-factor authentication then you have one less excuse today.

Twitter has announced that you can now use third-party apps (such as Google Authenticator, Authy, or 1Password) to verify yourself at login.

Which is great news, because previously – unlike many other online services – Twitter required you to either be capable of receiving SMS verification codes sent to your mobile phone, or to use their own smartphone app to verify a login.

Using SMS-based two-factor authentication has been frowned upon for some time, as criminals are able to exploit known weaknesses in the SS7 cellphone network to intercept text messages. In addition, there are countless malicious Android apps that are capable of capturing SMS codes as they are sent to devices, and then passing them on to account hackers.

Concerns grew so large in 2016 that NIST (the National Institute of Standards and Technology) announced it was no longer recommending two-factor authentication via SMS.

So, hopefully you’re convinced that it makes really good sense to enable two-factor authentication for your Twitter account, and even better to do it in a way that doesn’t involve you relying upon vulnerable SMS messages.

Here’s how to enable the feature (known as Login Verification in Twitter parlance):

1. Log into Twitter at www.twitter.com from your desktop’s browser.

2. In the top right-hand corner, click on your avatar to bring up a drop-down menu. Click on Settings and privacy.

3. Under Account, choose Set up login verification

If you have not previously configured 2FA for Twitter, you (Read more...)