The Syrian Electronic Army just loves hacking into Twitter. It breached the accounts of the BBC’s weather service, Financial Times, The Guardian, Telegraph and the Associated Press, and it’s more than likely not done yet.

Well, Twitter’s not just going take that lying down, so good for them that they decided to lock down those gates with a second set of keys. In fact, the two-factor authentication is good for everyone. Now businesses don’t have to worry about wayward staffers hopping on and damaging their rep, and you can breathe easy about unscrupulous types posing as you to spread porn links.

That’s not to say it’s perfect. The second verification step involves sending you a SMS, so take note if you’re not on an unlimited texting plan: The service messages you every time you log in.

As for the rest of us, here’s how to flip the switch for a more secure Twitter account.

How to Turn On Two-Step Authentication


  • Log in to Twitter like usual.
  • Go into your Twitter settings (on your desktop, it’s available in the gear icon, on the upper right).
  • Scroll down to “Account Security” and check “Require a verification code when I sign in.”
  • One of two things may happen at this point. If it’s your first time, you’ll be prompted to add your phone number. If you’ve already added a number on a previous visit, then you’ll get a pop-up window stating your phone needs to be verified to receive messages. Either way, the service is sending you a text message.
  • Check your phone for the text stating your phone is capable of receiving verification codes. If it’s there, go back to Twitter and, in the “Did you receive our message?” window, hit the “yes” button and enter your password. 

You’re all set! The next time you log into Twitter, you’ll see this window.


A six-digit verification code will be sent to your phone each time, so type that in and you’re ready to tweet.

Authenticating Other Apps

Once you’ve set up the new verification process, you may notice an interesting note in your settings: “Once activated, you will need to generate a temporary password to sign in to your Twitter account on other devices and apps.”

This appears to be a one-time only thing when, say, an app is requesting your Twitter credentials. Here’s how to set up a temporary password, from the Twitter support page.

  • Go to the Applications tab of your account settings on
  • Click the Generate button.
  • Enter your current account password and hit Generate again.
  • When prompted to log in to your other device or application, enter your username and use the temporary password that you were provided.
  • You’re in! The device or application will show up in your list of applications in your settings page.

Note: Temporary passwords will expire after one hour.

What do you think of Twitter’s two-step verification? Will the masses take to this, or will they opt to keep things simple with single-factor username/password authentication?