Like so many, when I logged into Twitter yesterday, I received this message.
It was a little unusual and my first thought was that the scammers were trying a different tactic to try and steal my credentials.
I try to remember to set up two-factor authentication wherever possible. In a nutshell, it puts an added level of security to any account. Instead of a login and password, it adds the extra step of giving approval for access by making you do something on another device. The original and simplest way is to have the system send you a text message with a code and you end up filling that in to prove that you are you.
Twitter wants to move that to their paid accounts only.
Twitter actually offers three ways to use two-factor authentication.
Of course, the Twitter world was on fire with this move and the concept was trending. Other than trying to get people to pay for Twitter Blue to continue to use the text message feature, I’m guessing that even Twitter has to pay for text messages and it’s a cost cutting move. (my guess, not based on anything legit)
I already had a couple of Authenticator applications installed on my phone and have used them for other services; I just hadn’t done the same thing with Twitter. Some of the suggestions that I’ve read indicated that it provides a more secure environment than a text message. I kind of believe that given how easy people seem to be able to spoof phone numbers and call me.
Switching Twitter over was a piece of cake. I just unchecked the text message and moved to the authenticator application. That had to be set up which was as simple as Twitter displaying me a QR Code and I scanned it with my authenticator application. Unlike regular two-factor authentication with a text message, you do need to move quickly because the code rotates to another one if you drag your heals. I give thanks to taking Business Machines in Grade 10 and how I can quickly use the numeric keypad on this computer.
And that’s it. There are plenty of how-tos on YouTube if you need to see it in action.
I personally use the Google Authenticator. But, that’s not the only game in town. A complete list is available here.
It seems bizarre that I’m here confessing in open that I hadn’t moved my two-factor authentication a long time ago but here I am.
I would encourage everyone to consider two-factor authentication in all your online applications. Better safe than sorry.