Twitter: keep two-factor authentication without paying – 02/23/2023 – Tech

Those who use Twitter, do not pay for the subscription to the Blue service and have activated two-factor authentication via SMS (text messages) have until March 20 to disable this feature, under penalty of losing access to the account. Elon Musk’s social network will make this security option available only to subscribers, according to an announcement made on Friday (17).

There are, however, other options to strengthen protection against theft on Twitter profiles. Although it may be less convenient, there remains the alternative of turning on, on the platform itself, two-factor authentication with an external application.

The social network will then request a renewed code every 30 seconds, available only in that authentication app – it works like a bank security token or key.

To carry out this security procedure, the user will need to install free applications such as Google Authenticator, Microsoft Authenticator or Authy, from Twilio (which has a premium version for R$ 41.99 without ads). They can be downloaded from the App Store, by iPhone owners, and from the Play Store, by those with Android phones.

Next, they need to access the Twitter account from the computer and enter the settings. In this tab, select the option “security and account access”, then security, and finally “two-step authentication”.

If the “text message” option is checked on this page, the platform indicates deactivating it to guarantee access to the social network after the 20th. This same tab indicates the “authentication application” option, which must be selected.

Twitter will then ask for a password and display a QR Code. Then open the chosen authentication application and click on the “Scan QR Code” or “Read QR Code” option. The program will then display the dynamic security code.

There is also the option to turn on two-factor authentication with a physical security key, which requires the purchase of a device for around R$ 300.

According to Wired magazine, the two-factor authentication service via SMS began to show instabilities after Twitter announced the resignation of 3,700 employees, shortly after being purchased by Elon Musk, in October 2022. The cuts included employees in the areas engineering, security, IT and special operations.

The billionaire, who also owns Tesla, has been trying since the end of last year to shift the focus of the social network’s business model from advertising to subscriptions, inspired by streaming services and newspapers. Twitter comes from a history of account instability, having shown profit only in the 2018 and 2019 balance sheets.

After March 20, the SMS authentication service can only be used by Twitter Blue subscribers, which costs BRL 42 per month on the computer or BRL 60 per month for purchases made via smartphone. The plan also cuts the number of ads in half, guarantees a verification badge and other perks, such as greater reach to subscribers’ tweets and the ability to edit publications five times.

Computer scientist Nina da Hora wrote in her profile on the social network that two-step authentication via SMS does not protect the account as a whole, especially in relation to cloning. She also said that if access is lost, the ideal is to ask Twitter support for help, but few people do.

According to the specialist, the ideal is not to keep personal and professional content on the platform or on any social network. Nina advises having a copy of important files and using other online and offline locations to be a repository for work and the like.

The report searched Twitter, but had no response. The social network no longer has representation in Brazil after being acquired by Elon Musk. The latest updates were also not released on the Twitter blog aimed at the Brazilian public.

Top authentication app alternatives

Among the advantages of the application are not having to create an account and having a simple interface.

It does not, however, allow you to back up the tokens in the cloud and does not ask for an access password on Android phones — owners of IOS devices can activate the facial identification option to access it.

It does not allow hiding the keys, which facilitates access by another person who steals or tampers with the device.

It can be downloaded from the App Store at this link. Android users can download it here.

Heavier than Google’s competitor, Microsoft’s solution offers the possibility of activating a password for access and synchronization in the cloud, to recover tokens in case the cell phone is lost.

To enable sync on Android devices, you need a Microsoft account.

iPhone owners can download the app from the App Store. For Android users, it is downloaded from the Play Store.

Twilio’s solution asks for a password for access and offers cloud synchronization. It also allows the migration of tokens between Android and iPhone devices, in case the user changes operating system.

The free service is limited to three security codes and features advertising. The subscription costs BRL 42.

Download the app from the App Store (iPhone) or Play Store (Android).