Twitter today is beefing up perhaps its most important consumer-facing security measure, two-factor authentication (2FA), with an
update to fully support third-party apps. Now, Twitter’s login verification feature (the name it gives its 2FA service) will let you rely on
apps like Google Authenticator and Authy, whereas before you had to, by default, input a code sent via text message.
This is important because SMS-based 2FA, although it’s tied to an individual phone number, uses static codes. That means those codes
could be intercepted in the event a hacker or some other malicious third-party has access to one or more alternative ways of viewing
messages on a device other than having physical access to it. With 2FA apps like Google Authenticator, the codes disappear in about 30
seconds, making it a more secure way to verify your identify and access your account.
Note that you still need a phone number to set up 2FA on Twitter because it’s used for account recovery. For those interested in setting
this up, the company now has directions on its login verification support page that outline how to enable a third-party 2FA app and how
to turn off text messages.
