It’s been a long time since I have had to enable 2FA on Twitter and found the process completely infuriating. Twitter’s 2FA configuration uses SMS as the default option, this is no longer advised by NIST.
We don’t have to look far to understand why; in the TTP’s leveraged to hijack a customers domain portfolio the weakest link was the attackers ability to hijack a users SIM card (i.e., which would lead to SMS hijacking).
It is recommended you leverage Time-based One-Time Password applications (e.g., Authy, Google Authenticator) for your 2FA needs. Unfortunately, doing this on the Twitter application requires multiple steps. This guide will walk you through the process.