The new two-factor authentication is application-based verification: a secure mechanism that does not rely on codes sent via SMS or on other third-party solutions.

How Twitter’s new two-factor auth works

With the new mechanism, users enroll by using a supported mobile app, which generates a 2048-bit RSA key pair. The private key is stored on the phone and the public key is sent to Twitter. The next time a user tries to sign in, Twitter sends a challenge based on a 190-bit, 32 character code to the mobile app. The user then gets a notification to approve or deny the sign-in request. If approved, the app automatically replies to the challenge using the private key stored on the phone. Twitter verifies the entire transaction, and only then is the user granted access to the social service.

According to a new article on WIRED, Twitter wanted to implement “two-factor”, but the company didn’t want to follow in everyone’s footsteps (e.g., Microsoft, Google, Apple, etc.). As a result, the new secure verification does not require a phone number. Users can back up the generated code by writing it down on a piece of paper and storing it in a safe place (the code can even be used to access the social network from a web browser), and when a new login request is made, users can verify and approve the request. Now you only need the Twitter app and an internet connection.
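The enroll, challenge and approve flow described above, as an added Go sketch that is not Twitter's code. The function names, the 62-symbol alphabet and the use of RSA-PSS with SHA-256 are assumptions; the page states only the 2048-bit key size and the 190-bit, 32 character challenge.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"math/big"
)

// NewKey is enrollment on the phone; only &key.PublicKey is sent to the server.
func NewKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

// NewChallenge issues a 32-character nonce (62^32 ~ 2^190) and marks it pending.
func NewChallenge(pending map[string]bool) string {
	const alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
	b := make([]byte, 32)
	for i := range b {
		n, _ := rand.Int(rand.Reader, big.NewInt(62)) // unbiased index 0..61
		b[i] = alphabet[n.Int64()]
	}
	pending[string(b)] = true
	return string(b)
}

// Approve runs on the phone: sign the challenge (RSA-PSS with SHA-256, assumed).
func Approve(key *rsa.PrivateKey, challenge string) ([]byte, error) {
	h := sha256.Sum256([]byte(challenge))
	return rsa.SignPSS(rand.Reader, key, crypto.SHA256, h[:], nil)
}

// Verify accepts a reply only for a pending challenge with a valid signature.
func Verify(pending map[string]bool, pub *rsa.PublicKey, challenge string, sig []byte) bool {
	defer delete(pending, challenge) // single use: a captured reply cannot be replayed
	h := sha256.Sum256([]byte(challenge))
	return pending[challenge] && rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

func main() {
	key, pending := NewKey(), map[string]bool{}
	c := NewChallenge(pending)
	sig, _ := Approve(key, c)
	println(Verify(pending, &key.PublicKey, c, sig), Verify(pending, &key.PublicKey, c, sig))
}
```

The second `Verify` call in `main` replays the same reply and is rejected, because the server forgets a challenge as soon as it has been answered.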

Authenticate without a phone

If you don’t have your phone, the company also has a method for this scenario. You’ll need to use the backup code, which is then checked by Twitter’s servers; if the result matches, you’ll be able to sign in.


To configure the new verification system in your Twitter account, follow these step-by-step instructions:

  1. Make sure you have installed the latest version of the Twitter mobile app.
  2. From the Me tab, open Settings and choose Security (Android users have to tap their name before selecting Security and users using a web browser simply need to scroll down on the Settings page and continue on the next step).
  3. Enable Login verification.
  4. Write down the generated backup code and store it safely.
  5. After you’re enrolled, you can use the Twitter app to approve or deny sign-in requests from one or all of your accounts.

The new end-to-end secure verification system is available today. Twitter is already pushing a new update to support the two-step authentication mechanism for Android and iOS, but sadly Windows Phone users will have to wait a bit longer. Also keep in mind that this new way to sign in to the social network is not a replacement for the existing SMS-based login verification released back in May; it is just a new addition.

Source: Twitter