
How to set up two-step verification on Twitter

This guide walks you through how to set up two-step verification for your Twitter account.

We’ve been reviewing why two-factor authentication (2FA) is so important, and how to set it up on various websites and services you might commonly use. When 2FA is available, it’s a great feature to enable to help secure your account, and thankfully it’s becoming more and more common on a number of popular sites.

Today I’ll walk you through how to secure your Twitter account with two-factor authentication. It only takes a few minutes!

  1. First things first – if you haven’t added a mobile phone number to your profile (which you will need for Twitter’s 2FA), let’s do that now. Log in to your account from a desktop computer. Upon logging in, click your user avatar (top right corner of the screen) and then click “Settings.”
  2. Now in the settings screen, click “Mobile” on the left side of the screen.
  3. Add your phone number here, using the correct country code.
  4. Twitter will send a text message with a numerical code to the phone number you’ve entered.
    Enter that numerical code back on the Twitter screen, and then click “Activate phone.”
  5. You’ll now get a confirmation code that your phone has been activated correctly and added to your account.
  6. Now that your phone is paired to your account, you can take the next step to activate 2FA. On the left side of the screen, click “Security and Privacy.”
  7. You’ll now see the Security screen, and the field we’re interested in is “Login Verification.” We want to click that ticky box that says “Verify login requests.”
  8. Upon clicking that box, a box will pop up on the screen explaining the 2FA process. Twitter uses SMS-based 2FA – for those hoping for a mobile authenticator app instead, that option isn’t available at the moment. Click “Start.”
  9. This next screen is a bit of a repeat of what we just did in step 4.
  10. Twitter will send a numerical code to your phone.
    Be sure to enter it back on the Twitter screen and hit “Submit.”
  11. Upon hitting Submit, Twitter will confirm that you’ve set up 2FA correctly, and give you the option of generating a backup code. I strongly recommend generating the backup code – if you ever lose access to your phone when 2FA is enabled, this code will allow you to regain access to your account. You don’t want to get locked out!
  12. The next screen will show you the backup code for your account, and instructions to keep this code somewhere safe. You definitely don’t want to keep it on your phone! Print the code out or write it down and keep it somewhere safe – somewhere not near your phone.

    When you’re finished, hit “Done.”

  13. Twitter will verify that your account now has 2FA enabled by showing you the Security screen with the “Verify login requests” option already checked, and a message that upon login you will receive a text message to your phone number.
    You’ll also get a confirmation email sent to the address registered to your Twitter account.


That’s all there is to it for setting up 2FA for your Twitter account.

You can check out our other guides on setting up two-factor authentication for Amazon and Gmail.


I love two-factor authentication! Don’t get me wrong, I use it whenever it’s available. However, I think it’s also worth noting in these articles that the services do not necessarily use the provided phone number *ONLY* for authentication. This is what Twitter says on their website:

FAQs about having a phone number associated with your account.
Why should I have a phone number associated with my Twitter account?
When your Twitter account has a phone number associated with it, you have access to additional benefits that include:
* Access to security features like login verification, which helps keep your account secure.
* Connecting with contacts who are already on Twitter.
* Allowing your friends to find you (if they have your phone number saved as a contact).

First and foremost, Twitter is a social media platform. I suspect it offers SMS as opposed to a mobile authenticator app precisely so that there’s more incentive for users to link a personal phone number, which is about as strong a personal identifier as you can give. So this is a super-effective way of tying an individual’s Twitter activity to a whole lot more data, making it more valuable from a big data-mining and marketing perspective. I’m quite sure all this is being resold to data brokers or used in-house, or both.

So we get increased account security for sure, but I strongly suspect we are sacrificing individual privacy at the same time.

My point: definitely check out 2FA. It’s very valuable. But read up on how else the phone number may be used, and try to make an informed decision.


