Every day, a growing number of people log in to Twitter. Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web.
Today we’re introducing a new security feature to better protect your Twitter account: login verification.
This is a form of two-factor authentication. When you sign in to twitter.com, there’s a second check to make sure it’s really you. You’ll be asked to register a verified phone number and a confirmed email address. To get started, follow these steps:
- Visit your account settings page.
- Select “Require a verification code when I sign in.”
- Click on the link to “add a phone” and follow the prompts.
- After you enroll in login verification, you’ll be asked to enter a six-digit code that we send to your phone via SMS each time you sign in to twitter.com.
With login verification enabled, your existing applications will continue to work without disruption. If you need to sign in to your Twitter account on other devices or apps, visit your applications page to generate a temporary password to log in and authorize that application.
Of course, even with this new security option turned on, it’s still important for you to use a strong password and follow the rest of our advice for keeping your account secure.
This release is built on top of Twitter via SMS, so we need to be able to send a text to your phone before you can enroll in login verification (which may not work with some cell phone providers). However, much of the server-side engineering work required to ship this feature has cleared the way for us to deliver more account security enhancements in the future. Stay tuned.
Posted by Jim O’Leary (@jimio)
Product Security Team