Just a few minutes ago, Twitter enabled the option to protect accounts with 2FA (Two-Factor Authentication) without the user having to rely on SMS (Short Message Service, aka texting). Previously, you could choose between signing into your Twitter account with just a password or enabling 2FA with a six-digit SMS code texted to your phone.

It’s common knowledge that while 2FA with SMS is much, much better than using only a password, SMS can be spoofed easily, and a OTP (one-time pad) authentication such as that provided by Google Authenticator, Duo Mobile, or Authy is more secure. Nothing’s ever perfectly secure, but this is a good additional feature, and much thanks to the Twitter security team!

Twitter added these instructions, and I’ll break them down into individual steps below.

Here’s what this looked like when I did it, as the instructions aren’t perfectly clear about what your account settings will look like when you’re done.

Step 1:

Head to Settings and Privacy.

Hit the “Review your login verification methods” button.

Now you’re going to generate a backup code just in case by hitting the “Get backup code” button:

Now you’ll enable your third-party authentication app. Click “Edit” or “Setup” on “Mobile Security App”. Enable it by clicking the “On” radio button, and use whatever your choice of authentication app is to scan the barcode and add it by using the code generated.

Now you’ll turn off SMS.

Now verify your password.

This is what your Account Settings will look like if you’ve done this properly.

Test it by logging out and back in again.

Cheers and thanks from those of us in the privacy and security world!

ADDED 12/20/17, 14:55 Pacific: (1) If your email is unverified, you’ll have to go through that process first. (2) If you do not already have SMS 2FA set up, you’ll have to set that up before using this process. That means you have to have a phone number which Twitter can reach via text.

ADDED 12/20/17, 16:30 Pacific: I am receiving reports that this additional security is *not* available to people in Africa.