Earlier this month on NBC, Ben Collins reported that Twitter employees wanted to stress (just days into Elon Musk’s reign) that “the company is a nightmare” and “the website is built on sticks.” Those words have stayed with me in each daily disaster (sometimes multiple daily disasters) that reaches the public. The latest manifestation of this, other than possibly releasing development builds (the secret to making Twitter), is that some users are having trouble logging in with Two-Factor Authentification (a.k.a. 2FA).
What is 2FA on Twitter?
Before we get into the details, it’s important to remind everyone what 2FA does. This is a process where when you log into an account, you are required to provide additional security credentials beyond your password. This is something you want to have set up in any app just in case a password or email is compromised. Some apps have it automatically integrated, like when it emails/texts you to input in these numbers/letters after you have already signed in or require with an authenticator of your choice (like Google Authenticator).
On November 14, Elon Musk tweeted that Twitter was turning off 20% of its microservices because most of them aren’t needed for Twitter to work. As people began to back up their data and archive their tweets (a good practice in general), some of those with 2FA reported that they were not allowed back into the site.
Now, this doesn’t mean it was necessarily the 2FA, but many have reported issues securing their data in the days prior and, now, in trying to log back in while using 2FA. Some (in multiple threads, not just ones that stem from this tweet) say it’s just authenticator apps, but that email is fine, while others say nothing is working. Further complicating the matter is no warning on what microservices are included in this shutdown and the global scale of the conversation. Even people who had no issues are unsure about what may or may not be working, since there are multiple avenues to complete 2FA. So while one route worked for them, another route could block millions.
What should you do in the meantime?
Without a whistleblower or leak, we will not know if this is the case 100% because Twitter doesn’t have a comms team. It is just Musk. Most full-length stories and investigative reporting done by new sites, big and small, can only cite what Musk says, which is far less put together than a PR team. In the meantime, I’d avoid signing out of Twitter, and take the following steps.
(Preferably not on a mobile device.)
- Go into your settings > Security and account access
- Security > Two-factor authentication
- Backup codes
- Copy and paste that code somewhere safe. Also, write it down in a text or on paper and secure it in a safe location.
This code will serve as your backup way into your account.
If nothing else—seriously—PLEASE … make sure your Twitter password isn’t the same or too similar to a password you have on anything else.
(featured image: The Pokémon Company)
—The Mary Sue has a strict comment policy that forbids, but is not limited to, personal insults toward anyone, hate speech, and trolling.—
