TOTP in Twitter #2

Twitter now officially supports 2FA via 3rd-party Apps (like 1Password):

https://9to5mac.com/2017/12/20/twitter-two-factor-auth-third-party-apps/
https://help.twitter.com/en/managing-your-account/two-factor-authentication

However, I still don't seem to get it to work.

Note: I have the old push notification based login verification. Anyone got that to work in combination with the new 2FA? How?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • rudyrudy

    Team Member

    @XIII,

    Which is weird, because i've had TOTP setup in 1Password for my Twitter account for what seems like years. It would always show up on SMS after I had already gotten the code dropped on my clipboard. The upside now is that once you have an app tracking your 2FA secret you can turn off SMS entirely, since its about as secure as giving your keys to a burglar.

    Rudy

  • I don’t get SMS but push notifications to approve a login in their native App.

    I’m afraid I loose this option if I disable 2FA and set it up again.

    Maybe someone else was brave enough to try? If so, what happened?

  • brentybrenty

    Team Member

    @XIII: Sure, why not? :lol:

    I don't mind taking a break from Twitter if this breaks my account, so I figured I'd give it a shot. Here's what I did:

    1. Login to Twitter
    2. Settings and Privacy
    3. Security
    4. Login verification
    5. Set up
    6. Review your login verification methods
    7. Mobile security app
    8. Set up
    9. Can't scan the code?
    10. Text message
    11. Edit
    12. Off
    13. Save changes

    Done. Seems to work, and I didn't get locked out! :chuffed:

  • @brenty Thanks for trying! But were you in the same position? Did you get push notifications instead of SMS messages before?

  • brentybrenty

    Team Member

    @XIII: Hmm. Maybe I am misunderstanding. I wasn't getting anything before. I enabled this on my account explicitly to try this. The steps above are exactly what I did to get only TOTP enabled. :blush:

  • rudyrudy

    Team Member

    @XIII,

    That option appears to be completely gone, at least from what I can tell. And the iOS app doesn't seem to let you turn off SMS sending directly at least the version I've got installed.

    Rudy

  • XIIIXIII
    edited December 2017

    I have this “pre March 21, 2016” (Duo like) setup:

    If you enrolled in login verification before March 21, 2016: When you log in to your account on twitter.com or on another device using Twitter for iOS, Twitter for Android, or mobile.twitter.com, a push notification will be sent to your phone. Open the push notification to approve the login request. Once you approve, you will be immediately logged in to your account on twitter.com.

    https://help.twitter.com/en/managing-your-account/two-factor-authentication

    I’d like to keep that, but add TOTP, without SMS.

    Too bad Twitter still makes a mess of this...

  • rudyrudy

    Team Member

    @XIII,

    Maybe they'll get it right on the next go around? 3rd time's the charm and all?

    Rudy

  • tomizzatomizza
    edited May 2018

    as of today my 1-time-password for twitter gets rejected as "incorrect" (verification code) -- as this does happen with three different twitter-accounts and even if i re-set-up 2fa i wonder what is happening? something broken on twitters side? or on agilebits? anybody else having this problem?

    i just double-checked with mobile google authenticator by copying & pasting the secret part from 1passwords entry (otpauth://totp/...) -- and the 1-time-passwords produced by google authenticator do work!
    1password (for mac) does "produce" different & incorrect one-time-passwords, since when?

    tripple-checked: 1password (for iOS) does produce correct one-time-passwords

    help appreciated

  • tomizzatomizza
    edited May 2018

    macOS: v6.8.8 (688001)
    iOS: v6.9.1 (691001)

    solution: the time was behind on my mac for 1min14sec although it was set on automatic via time.euro.apple.com

  • BenBen AWS Team

    Team Member
    edited May 2018

    Thanks for the update. Makes sense, as time is a critical component of TOTP. Being off even by just a few seconds can make a difference.

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file