TOTP in Twitter #2

XIII

Twitter now officially supports 2FA via 3rd-party Apps (like 1Password):

https://9to5mac.com/2017/12/20/twitter-two-factor-auth-third-party-apps/
https://help.twitter.com/en/managing-your-account/two-factor-authentication

However, I still don't seem to get it to work.

Note: I have the old push notification based login verification. Anyone got that to work in combination with the new 2FA? How?

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

rudy

@XIII,

Which is weird, because i've had TOTP setup in 1Password for my Twitter account for what seems like years. It would always show up on SMS after I had already gotten the code dropped on my clipboard. The upside now is that once you have an app tracking your 2FA secret you can turn off SMS entirely, since its about as secure as giving your keys to a burglar.

Rudy

XIII

I don’t get SMS but push notifications to approve a login in their native App.

I’m afraid I loose this option if I disable 2FA and set it up again.

Maybe someone else was brave enough to try? If so, what happened?

AGAlumB

@XIII: Sure, why not? :lol:

I don't mind taking a break from Twitter if this breaks my account, so I figured I'd give it a shot. Here's what I did:

1. Login to Twitter
2. Settings and Privacy
3. Security
4. Login verification
5. Set up
6. Review your login verification methods
7. Mobile security app
8. Set up
9. Can't scan the code?
10. Text message
11. Edit
12. Off
13. Save changes

Done. Seems to work, and I didn't get locked out! :chuffed:

XIII

@brenty Thanks for trying! But were you in the same position? Did you get push notifications instead of SMS messages before?

AGAlumB

@XIII: Hmm. Maybe I am misunderstanding. I wasn't getting anything before. I enabled this on my account explicitly to try this. The steps above are exactly what I did to get only TOTP enabled. :blush:

rudy

@XIII,

That option appears to be completely gone, at least from what I can tell. And the iOS app doesn't seem to let you turn off SMS sending directly at least the version I've got installed.

Rudy

XIII

I have this “pre March 21, 2016” (Duo like) setup:

If you enrolled in login verification before March 21, 2016: When you log in to your account on twitter.com or on another device using Twitter for iOS, Twitter for Android, or mobile.twitter.com, a push notification will be sent to your phone. Open the push notification to approve the login request. Once you approve, you will be immediately logged in to your account on twitter.com.

https://help.twitter.com/en/managing-your-account/two-factor-authentication

I’d like to keep that, but add TOTP, without SMS.

Too bad Twitter still makes a mess of this...

rudy

@XIII,

Maybe they'll get it right on the next go around? 3rd time's the charm and all?

Rudy

tomizza

as of today my 1-time-password for twitter gets rejected as "incorrect" (verification code) -- as this does happen with three different twitter-accounts and even if i re-set-up 2fa i wonder what is happening? something broken on twitters side? or on agilebits? anybody else having this problem?

i just double-checked with mobile google authenticator by copying & pasting the secret part from 1passwords entry (otpauth://totp/...) -- and the 1-time-passwords produced by google authenticator do work!
1password (for mac) does "produce" different & incorrect one-time-passwords, since when?

tripple-checked: 1password (for iOS) does produce correct one-time-passwords

help appreciated

tomizza

macOS: v6.8.8 (688001)
iOS: v6.9.1 (691001)

solution: the time was behind on my mac for 1min14sec although it was set on automatic via time.euro.apple.com

Ben

Thanks for the update. Makes sense, as time is a critical component of TOTP. Being off even by just a few seconds can make a difference.

Ben