Following a number of high-profile hacks Twitter has boosted account security on the site by introducing two-step logins.

Twitter is calling the feature ‘login verification’ and when users log into Twitter they will now be sent six-digit code via text each time, to check they are who they say they are.

This code will need to be entered onto the login screen in order for users to get access to their accounts.

Scroll down for video

Twitter has launched an optional two-step login verification that can be enabled in the account settings page. Users must enter a mobile number to enable the feature.

Twitter has launched an optional two-step login verification that can be enabled in the account settings page. Users must enter a mobile number to enable the feature. Each time they log into a unique six-digit code is sent via text message. This code must be entered to get access to the account



Go to

Click the cog icon in the top right-hand corner and go to the  account settings page.

Select ‘Require a verification code when I sign in.’

Click the link to ‘add a phone’ and follow the prompts.

After enabling login verification, you’ll be asked to enter a six-digit code that Twitter send to your phone via text message each time you sign in to

To disable the feature, go back to account settings and untick the login verification box.

If you get locked out of your account while two-step verification is enabled, or you lose your phone you must contact Twitter support and answer a series of security questions.


The feature is optional and is not currently turned on by default.

In a blog post, Jim O’Leary from Twitter’s product security team said:

‘Every day, a growing number of people log in to Twitter.

Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web.


‘We’re introducing a new security feature to better protect your Twitter account: login verification.’

Users can enable login verification on Twitter by going to their account settings page and selecting ‘Require a verification code when I sign in’.

After clicking ‘add a phone’, the user will get a verification code sent to the mobile number which is connected to their account.

Twitter has launched two-step logins after a series of high-profile accounts were hacked.

Twitter has launched two-step logins after a series of high-profile accounts were hacked. One account targeted by the Syrian Electronic Army was BBC Weather in March this year. Other hack victims include The Onion, Jeremy Clarkson and Ashton Kutcher


Once login verification has been enabled a temporary password will be need to log into Twitter on other devices and via Twitter apps.

Go to the Applications tab of your account settings on

Click the Generate button.

Enter your current account password and hit Generate again.

When prompted to log in to your other device or application, enter your username and use the temporary password that you were provided.

Temporary passwords will expire after one hour. 


This code must then be entered to verify that device to their account.

Each time a user with login verification enabled then signs in at, they will be sent another unique six-digit code that they must enter to get access to their account.

People who share access, such as business accounts, will need to have the code sent to a shared phone or nominate a person to receive the text.

Hackers have previously targeted the accounts of satire-news site The Onion, The Telegraph, Hollywood actor Ashton Kutcher, BBC Weather, Top Gear presenter Jeremy Clarkson and more.

In February, 250,000 Twitter users had their passwords stolen in an attack.

O’Leary added that when users try to access Twitter from apps and other devices a temporary password will need to be generated, from the applications page, to authorise the login.


However, O’Leary said that existing applications will ‘continue to work without disruption.’

He also said: ‘Of course, even with this new security option turned on, it’s still important for you to use a strong password and follow the rest of our advice for keeping your account secure.’

Facebook and Google already have two-step logins for their respective accounts.

Yet, David Emm, Senior Security Researcher at Kaspersky Lab believes there are pitfalls involved with the two-step verification process:

‘Two-factor authentication makes it difficult for someone to hijack an account, and its easy to see why Twitter has chosen to use SMS as the second authentication method.

Nearly everyone today has a mobile phone.

‘However, there are some potential pitfalls with using SMS as an authentication method.

Many people log into their Twitter account from their smartphone via the Twitter app which doesn’t require login credentials to be entered each time.

This means that the same device is being used for both authentication factors and if this device is lost or stolen, whoever finds (or has stolen) it will be able to access the account.

Therefore, in effect, there is no longer two-factor authentication. 

‘Also, it is possible that we will see the development of smartphone-based malware that is specifically designed to steal the SMS authentication code.’