Two-step Login for Twitter with Bitwarden

Yesterday we learned about high profile attacks on prominent Twitter accounts. While we do not know all of the details, we applaud the fast response and communications from the Twitter team. And while it appears that this attack did not directly involve end-user security, it always helps to have reminders to boost safety and protection of our accounts.

Fortunately, Twitter makes two-factor authentication configuration straightforward. We often refer to this as two-step login for easy understanding.

This post will walk you through setting up two-step login for your Twitter account using Bitwarden and the built in Bitwarden Authenticator. Please note that this is a Bitwarden Premium feature. However, far beyond securing Twitter, the extra Bitwarden capabilities of encrypted storage, built-in authentication options, and ability to use physical security keys will provide benefits across your digital lifestyle.

From the Twitter website, choose the three dot ‘More’ menu options on the left hand side. From there choose ‘Setting and Privacy’ and then ‘Security’ and then ‘Two-factor authentication.’

Twitter offers three options for authentication: text message, security key, and an authentication app Text message is perhaps the least secure option because there are known scenarios where malicious actors can port your phone number to a new SIM card without your knowledge. This is referred to as SIM jacking. There is also an option for a hardware security key, which is a good option.

We would choose the two-step login with an Authenticator app, and here is where the power of Bitwarden comes into play. We can create a two-step login sequence directly within the Bitwarden application, simplifying the login process, and strengthening our end user security profile.

You will eventually be prompted with a QR code to scan with your Authenticator application. Here we can use the Bitwarden authenticator that is included with Bitwarden Premium features.

On your mobile device, with Bitwarden open, and the entry for Twitter in Edit mode, you can capture the Authenticator Key (TOTP) by clicking the camera and capturing the QR code from your web browser.

Save the entry and you will then get the 6-digit token from your Bitwarden application to enter into the Twitter website.

After that you’ll be all set!

Similar to when you set up two-step login on any website, you are often provided with backup codes should you ever lose your original authentication capability. Keeping track of your backup codes is important! You have many options, but one is to place your backup codes into a Secure Note within Bitwarden. This keeps them separate from your Login info, but not so far away that you will misplace them. Of course, some people would recommend that you keep your backup codes in a completely separate place, and that is ok, too. Just keep them in a safe and memorable place.

Once two-factor authentication is configured within Twitter, you will see an option for ‘Backup Codes’

It is VERY IMPORTANT that you generate and store backup codes in a safe place, separate from your other Twitter login information. You may even want to generate a few codes in a text file (without saving), and then print it out for safe keeping. These backup codes could also be stored within a Secure Note in Bitwarden.

For more information on two-step login, please see our Bitwarden Field Guide for Two-Step Login.

To start with Bitwarden and Premium Features to automatically handle two-step login sign up here.