Going a week without a major brand having its Twitter account compromised was starting to become a rare occurrence. Critics and users alike repeatedly called upon Twitter to release two-factor (or two-step) authentication. The added layer of security requires you to enter your password, and then a six-digit access code, anytime you try to log into Twitter. The short code is sent via text message to your cell phone, which means that any would-be hackers would need not only to crack your password, but also to have physical possession of your cell phone.
Twitter, on Wednesday, finally rolled out its first iteration of two-factor authentication.
Enabling the extra security on your account takes just a few seconds and is something every Twitter user should activate. It may require you to take a few extra seconds to log into the service, but having a secure account is worth it.
Setting up Twitter's two-factor authentication requires you to use a computer and visit your account settings page. Once logged into your account and viewing the settings page, scroll down until you find the "Account Security" option. It should be listed right above your country selection. Check the box next to "Require a verification code when I sign in." Once the box is checked, you'll be given a couple of prompts letting you know that the service is about to be enabled, and that it requires you to connect your mobile phone number to your Twitter account.
You'll receive a test text message, verifying that you have the right number added to your account. After indicating that you received the message, you're done setting up two-factor authentication.
The next time you try to log into the Web site, you'll use the same password you have now, but after entering it you'll be prompted to enter the code sent to your phone.
Now there are going to be times when apps and services aren't set up to deal with the added verification step properly, and when that does happen you'll need to have a random password generated to log in with. To get the temporary password, you'll need to visit your account's application settings page and click on the "Generate" button at the top of the page. Use this temporary password in place of your standard password when logging into the app or service.
I tested out how this would work by deleting and re-adding my Twitter account to my iOS device; I was forced to use a temporary password, and was able to log in without issue. But while using the Carbon app on Android, I wasn't able to use a generated password or the short code. Clearly there's some work yet to be done here, but it's a step in the right direction for both Twitter and its users.
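The login flow described above (password, then a texted six-digit code, with generated temporary passwords for apps that cannot prompt for the code), modelled as an added example that is not from this article or from Twitter. The class and method names, the expiry and attempt limits, and the single-use handling of temporary passwords are assumptions.

```python
import hashlib, hmac, secrets, time
# Added illustration with assumed names and limits; not Twitter's code.
CODE_TTL = 300      # assumed: seconds a texted code stays valid
MAX_ATTEMPTS = 5    # assumed: wrong guesses allowed per code

class Account:
    def __init__(self, password, phone):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._kdf(password)
        self.phone = phone
        self.pending = None        # [code, expires_at, attempts_left]
        self.temp_hashes = set()   # hashes of unused temporary passwords

    def _kdf(self, secret):
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self.salt, 100_000)

    def start_login(self, password, send_sms):
        """Step 1: a correct password triggers a fresh six-digit code by SMS."""
        if not hmac.compare_digest(self._kdf(password), self.pw_hash):
            return False
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, keeps leading zeros
        self.pending = [code, time.time() + CODE_TTL, MAX_ATTEMPTS]
        send_sms(self.phone, code)
        return True

    def finish_login(self, code, now=None):
        """Step 2: the code works once, before expiry, within the guess budget."""
        now = time.time() if now is None else now
        if self.pending is None or now > self.pending[1] or self.pending[2] <= 0:
            self.pending = None
            return False
        self.pending[2] -= 1
        if hmac.compare_digest(code.encode(), self.pending[0].encode()):
            self.pending = None
            return True
        return False

    def generate_temp_password(self):
        """For apps with no code prompt: random, stored only as a hash."""
        temp = secrets.token_urlsafe(12)
        self.temp_hashes.add(self._kdf(temp))
        return temp

    def app_login(self, temp):
        """A temporary password skips step 2, so it is consumed on first use."""
        digest = self._kdf(temp)
        ok = digest in self.temp_hashes
        self.temp_hashes.discard(digest)
        return ok
```

Because the temporary-password path never asks for the texted code, its protection rests entirely on that password being random and short-lived.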
An article published by Forbes brings up a good point about being forced to tie a phone number to your account. What happens should you lose your phone, or be in an area where cell signal is mediocre at best? By using a Google Voice number as your phone number with Twitter, you're able to view text messages through the Voice Web site, or any compatible Google Voice app. Due to limitations with Google Voice, it cannot forward any messages from Facebook, Skype or Twitter as SMS to a phone number, so if you need to receive the code on a mobile device, make sure you enable forwarding to e-mail. Doing so will ensure you'll always have access to your six-digit code, and in turn have access to your Twitter account. As the article mentioned above points out, this is also an ideal situation for brands and corporations that have more than one person accessing the Twitter account at any given time.
Update May 23, 2013, 11:27 a.m. PT: Clarified Google Voice tip