How To Secure Your Twitter Account Without Sms-Based Two-Factor Authentication

Helena Bosnjak
Mar 23, 2023
Apps, Security, Twitter

Since Twitter disabled SMS-based two-factor authentication (2FA) for non-paying users, there are still ways you can protect your twitter account for free. Stay here to read more about the reasons for this decision and what are other ways to protect your twitter account.

Why do we need two-factor authentication?

There isn’t much to be discussed about the reasons for including two-factor authentication. Maybe some methods have proven to not be secure anymore, but that’s why it’s better to have two-factor authentication, then just one.

Just imagine how easy it’ll be for hackers to hijack accounts if there wasn’t SMS-based two-factor authentication (2FA), even now its security is questionable. This two-factor authentication (2FA) is more like a double layer of protection for your account.

Why SMS-based two-factor authentication isn’t secure 

SMS-based two-factor authentication (2FA) isn’t secure anymore because it has become easy to hack in general. It is the easiest and thus the most popular two-factor authentication. There are many ways in which SMS-based two-factor authentication (2FA) shows unsecure 2FA method.

SIM Swap Scams

You get your code via SMS and copy it in order to confirm that it’s you that’s logging in into your account.However, hackers found a way to hack into accounts using SMS-based two-factor authentication (2FA). In other words, hackers, having enough information about the victim's phone, can contact the phone provider, and trick the provider that it’s the real owner of the phone, while the real phone user loses access to all phones and messages.

With this technique, he can easily access any victim’s accounts that uses SMS-based two-factor authentication (2FA). The reason why hackers do that is trying to access the victim's bank accounts as well, in cases where the victim uses SMS-based two-factor authentication (2FA) when accessing his bank account online.

Malware circumventing SMS-based two-factor authentication (2FA)

Security researchers such as ESET found many examples of malware that circumvents SMS-based two-factor authentication (2FA) along with other protection methods. One of such examples was the infamous Android banking trojan that was disguised as Flash Player.

This malware automatically sends all text messages to cybercriminals, giving them access to user’s bank accounts and similar important accounts. In addition to this, there are also malicious apps that do the same.

Phone spear phishing

This was how Twitter was hacked in 2020 when 130 Twitter accounts  of prominent figures were hijacked. Those hackers were posting tweets that promote Bitcoin on the behalf of those prominent figures, including Barack Obama, Bill Gates, and even Elon Musk.

Hackers hacked by disguising their emails and instant messages as sent from a trusted entity, which enabled them to access Twitter's internal system. They did this because they imitated Twitter’s VPN website. With this, they could learn more about Twitter’s processes and easel hack accounts. 

What are other two-factor authentications (2FA) for Twitter

Keeping in mind that the SMS-based two-factor authentication (2FA) is only available for those who pay for subscriptions, other Twitter users need to have other options for two-factor authentications.

These methods are probably even more secure than SMS-based two-factor authentication (2FA). They come in the form of an on-device authenticator app or having a hardware key. Here are the reasons why you should include them.

On-Device Authenticator Apps

This 2FA option is more secure than SMS-based 2FA because they automatically send the generated code during the process of authentication of your Twitter account, be it on your desktop or on your phone.

However, be sure that you have a genuine on-device authentication app. For Google users, there’s Google Authenticator, and for Microsoft users, there’s Microsoft Authenticator.

A Hardware Security Key

This 2FA is even more secure than on-device authenticator apps because it’s in the form of some physical key. It’s connected via Bluetooth, NFC or USB, making it unreachable for cybercriminals.

However, they are a bit impractical because you need to carry them all the time, safeguard them as well. Also, some of them come with additional features like fingerprint protection, but such keys are worth more than $100.

Don’t Ignore Two-Factor Authentication

This is so important, not just for your Twitter accounts. Every important account should have 2FA included. If you don’t have such, better do this. Keep calm and protect your data on all your accounts.

With so many attempts to hijack accounts, it won’t be surprising to have a three-factor authentication option. Everything that can protect our data is acceptable because we can’t stop hackers so easily.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. bruh said on August 18, 2023 at 1:25 pm

    Uhh, this has already been possible – I am not sure how but remember my brother telling me about it. I’m not a whatsapp user so not sure of the specifics, but something about sending the image as a file and somehow bypassing the default compression settings that are applied to inbound photos.

    He has also used this to share movies to whatsapp groups, and files 1Gb+.

    Like I said, I never used whatsapp, but I know 100% this isn’t a “brand new feature”, my brother literally showed me him doing it, like… 5 months ago?

  2. 💥 said on August 18, 2023 at 3:55 pm

    Martin, what happened to those: 12 Comments ( Is there a specific justifiable reason why they were deleted?

    Hmm, it looks like the gHacks website database is faulty, and not populating threads with their relevant cosponsoring posts.

  3. 45 RPM said on August 19, 2023 at 6:29 pm

    The page on ghacks this is on represents the best of why it has become so worthless, fill of click-bait junk that it’s about to be deleted from my ‘daily reads’.

    It’s really like “Press Release as re-written by some d*ck for clicks…poorly.” And the subjects are laughable. Can’t wait for “How to search for files on Windows”.

    1. owl said on August 20, 2023 at 12:51 am

      > The page on ghacks this is on represents the best of why it has become so worthless, fill of click-bait junk…

      Sadly, I have to agree.

      Only Martin and Ashwin are worth subscribing to.
      Especially Emre Çitak and Shaun are the worst ones.

      If intended “Clickbait”, it would mark the end of Ghacks Technology News.
      Ghacks doesn’t need crappy clickbaits. Clearly separate articles from newer authors (perhaps AIs and external sales person or external advertising man) as just “Advertisements”!

      We, the subscribers of Ghacks, urge Martin to make a decision.

  4. chessandonions said on August 20, 2023 at 12:40 am

    because nevermore wants to “monetize” on every aspect of human life…

  5. Frank Rizzo said on August 20, 2023 at 11:52 pm

    “Threads” is like the Walmart of Social Media.

  6. Ashray said on August 21, 2023 at 4:06 pm

    How hard can it be to clone a twitter version of that as well? They’re slow.

  7. Paul(us) said on August 21, 2023 at 5:16 pm

    Yes, why not mention how large the HD files can be?
    Why, not mention what version of WhatsApp is needed?
    These omissions make the article feel so bare. If not complete.

    1. Paul(us) said on August 21, 2023 at 5:18 pm

      Sorry posted on the wrong page.

  8. Marc said on August 21, 2023 at 6:00 pm

    such a long article for such a simple matter. Worthless article ! waste of time

  9. plusminus_ said on August 21, 2023 at 7:54 pm

    I already do this by attaching them via the ‘Document’ option.

  10. John G. said on August 21, 2023 at 11:43 pm

    I don’t know what’s going on here at Ghacks but it’s obvious that something is broken, comments are being mixed whatever the article, I am unable to find some of my later posts neither. :S

  11. Tom Hawack said on August 23, 2023 at 2:28 pm

    Quoting the article,
    “As users gain popularity, the value of their tokens may increase, allowing investors to reap rewards.”

    Besides, beyond the thrill and privacy risks or not, the point is to know how you gain popularity, be it on social sites as everywhere in life. Is it by being authentic, by remaining faithful to ourselves or is it to have this particular skill which is to understand what a majority likes, just like politicians, those who’d deny to the maximum extent compatible with their ideological partnership, in order to grab as many of the voters they can?

    I see the very concept of this as unhealthy, propagating what is already an increasing flaw : the quest for fame. I won’t be the only one to count himself out, definitely.

    1. Tom Hawack said on August 23, 2023 at 2:34 pm

      @John G. is right : my comment was posted on [] and it appears there but as well here at []

      This has been lasting for several days. Fix it or at least provide some explanations if you don’t mind.

  12. Tom said on August 24, 2023 at 11:53 am

    > Google Chrome is following in Safari’s footsteps by introducing a new feature that allows users to move the Chrome address bar to the bottom of the screen, enhancing user accessibility and interaction.

    Firefox did this long before Safari.

  13. Mavoy said on September 16, 2023 at 2:17 pm

    Basically they’ll do anything except fair royalties.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.