Is securing your accounts using passwords enough? For most people, the answer would be yes. But if you know that there are constant hacks and data leaks on the internet, you may think otherwise, or at least should.
The microblogging platform Twitter is also thinking about the same. To protect users' accounts, it has introduced two-factor authentication using authenticator apps for a while. At first, the feature wasn't easy to use until on April 17th, 2017 that the company made it easier.
Before the addition of third-party app support, users could only generate one-time login codes using the Twitter app's built-in tool or via SMS. For users that have been using third-party authenticator, like Google Authenticator for conveniency, Twitter' two-form authentication feature wasn't easy to use and far from ideal.
For that reason, Twitter has added the support for those sort of things, but however kept quiet about it.
In order to set up Twitter's two-factor authentication, users must first enable the feature using their mobile phone.
After having that feature enabled, they can then open Twitter using the web interface and under 'Security', check the box that says ‘Verify login requests’ and type in the verification code received via SMS on that page. Then, they need to go to Settings > Account to click on the 'Setup a code generator app'.
Users can scan the QR code using the authenticator app installed on their mobile device. If all went well, they'll see a six-digit code labeled Twitter in the app. The next time they try to log into Twitter, they'll be prompted to enter this code that changes every few seconds. It works even if the phone is offline.
Since users are required to keep a phone number tied to their account, removing that phone number will disable Twitter's two-factor authentication feature altogether. While this is certainly a drawback, but it's better than having no protection at all.