Twitter (now known as X) tightened its 2FA policy in 2023, making SMS-based two-factor authentication a paid feature for X Premium subscribers only. Free accounts must use an authenticator app or a hardware security key, which is actually the more secure choice anyway. Here is how to set it up.
How to Enable 2FA on X (Twitter): Step by Step
- Open x.com or the X mobile app and sign in.
- Click or tap your profile icon, then go to Settings and Support → Settings and privacy.
- Navigate to Security and account access → Security → Two-factor authentication.
- Choose your preferred method: Authentication app or Security key. (SMS requires X Premium.)
- For the authenticator app option: click Get started, then scan the QR code with your authenticator app, enter the 6-digit code to confirm, and click Confirm.
- X will display a backup code. Save it immediately: you will need it if you lose access to your authenticator app.
Why X Removed Free SMS 2FA
In March 2023, X announced that SMS two-factor authentication would be restricted to X Premium (paid) subscribers. The stated reason was the cost and abuse of SMS infrastructure. From a security standpoint, this is actually a positive change: SMS 2FA is the weakest form of second factor due to SIM-swap attacks. Authenticator apps are more secure, free, and work without cellular connectivity.
Authenticator App vs Security Key on X
Authenticator App (TOTP)
Any standard TOTP app works with X: Google Authenticator, Authy, Microsoft Authenticator, 1Password, Bitwarden, and others. After entering your password at sign-in, X will ask for the 6-digit code currently showing in your app. The code refreshes every 30 seconds. This method works offline and cannot be SIM-swapped. It is the recommended choice for most users.
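The following added example (not part of the original guide and not X's code) shows why the code works offline: the app derives it from the secret in the QR code and the current time, following RFC 6238. It assumes the QR code carries a standard otpauth:// URI with the RFC defaults (HMAC-SHA1, 6 digits, 30-second period); the URI, account name and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlparse

# Constructed sample URI using the RFC 6238 test secret, not a real account.
SAMPLE_URI = ("otpauth://totp/X:%40example_user"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=X")


def secret_from_uri(uri):
    """Extract and Base32-decode the shared secret from a provisioning URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    secret = parse_qs(parsed.query)["secret"][0].upper()
    secret += "=" * (-len(secret) % 8)  # authenticator URIs often omit padding
    return base64.b32decode(secret)


def totp(key, at=None, period=30, digits=6):
    """RFC 6238 code: HOTP (RFC 4226) over the number of elapsed periods."""
    counter = int(time.time() if at is None else at) // period
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(key, submitted, at=None, drift_steps=1, period=30):
    """Server-side check: accept adjacent periods to tolerate clock drift."""
    now = time.time() if at is None else at
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(key, now + step * period, period)
        # Constant-time comparison avoids leaking how many digits matched.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    print("current code:", totp(secret_from_uri(SAMPLE_URI)))
```

Anyone who obtains the secret in the QR code can generate valid codes indefinitely, so a screenshot of the setup screen needs the same protection as the backup code.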
Security Key (WebAuthn)
A hardware key like YubiKey provides the highest level of protection. You plug in or tap the key when X prompts you. Because security keys use the WebAuthn standard, they cryptographically verify the domain you are signing in to, making them immune to phishing attacks. If your X account is important (business account, large following, brand account), a hardware key is worth the investment.
How to Disable X 2FA
To turn off two-factor authentication on X, navigate back to Settings → Security and account access → Security → Two-factor authentication and toggle off your current method. You will be prompted to enter your password to confirm.
What If I Lose My X 2FA Device?
Use the backup code X provided when you first set up 2FA. Enter it in place of your 2FA code on the sign-in screen. Once logged in, go to your security settings and either recover your 2FA setup or reconfigure it with a new device. If you do not have your backup code and cannot access your authenticator app, you will need to go through X's account recovery process, which may require email verification and identity checks.
Tips for Keeping Your X Account Secure
Beyond 2FA, use a strong and unique password for your X account. Regularly review the list of connected apps and revoke access to any you no longer use (Settings → Security and account access → Connected accounts). Be cautious about third-party tools that request your X credentials: always use OAuth-based authorisation rather than giving out your password directly.