fa fa-remove_通过2fa应用和硬件令牌进行Twitter两因素身份验证

fa fa-remove

With over 145 million active users Twitter is widely used not only for personal entertainment but for business and political agendas too. Yet, surprisingly (or not, considering that they did admit to using phone numbers for targeting ads) Twitter has been reluctant to forgo SMS to deliver one time passwords for their 2 step verification for a very, very long time. Until finally, in November last year, they gave in and allowed for Twitter two-factor authentication without requiring the phone number.

Twitter拥有超过1.45亿活跃用户，不仅被广泛用于个人娱乐，而且还广泛用于商业和政治议程。 但是，令人惊讶的是(或者考虑到他们确实承认使用电话号码来定位广告)，Twitter很长时间以来一直不愿意放弃SMS为一次两步验证提供一次密码。 直到去年11月，他们才最终同意并允许Twitter进行两因素身份验证，而无需电话号码。

In this post we will look into all the 2FA methods Twitter supports, show you how to activate each of them and how to make sure you are able to login even if you lose your 2FA Twitter token.

在这篇文章中，我们将研究Twitter支持的所有2FA方法，向您展示如何激活它们中的每一种，以及如何确保即使丢失2FA Twitter令牌也能够登录。

如何通过短信启用Twitter 2FA以及是否值得 (How to enable Twitter 2FA via SMS and whether it’s worth it)

As we’ve already mentioned above — we are decidedly against Twitter 2FA SMS based. As a matter of fact — we vehemently insist that using SMS to deliver verification code for MFA anywhere, not only in Twitter 2FA, is not safe and should be avoided if at all possible.

如前所述，我们坚决反对基于Twitter 2FA SMS。 事实上，我们坚决主张，不仅在Twitter 2FA中，在任何地方都使用SMS来发送MFA的验证码是不安全的，应尽可能避免。

Why are we so against SMS? While it is convenient and cheap to use, it is also astonishingly easy to hack. The ways to break into an account that’s protected only this way are numerous. Starting with a simple SIM swap and ending with more complex things like intercepting the passwords by exploiting the numerous vulnerabilities of the telecom infrastructure. We’ve talked about these and other SMS 2FA vulnerabilities like fake cell towers extensively before, you can read it here.

为什么我们如此反对短信？ 虽然既方便又便宜，但也很容易被黑客入侵。 闯入仅以此方式受保护的帐户的方法有很多 。 从简单的SIM卡交换开始，到结束于更复杂的事情，例如通过利用电信基础设施的众多漏洞来拦截密码。 我们之前已经广泛讨论了这些和其他SMS 2FA漏洞，例如假手机发射塔，您可以在此处阅读。

Yet, while Twitter 2FA without SMS is the way to go, we do understand that circumstances might be demanding otherwise and one might want to know how to send Twitter two-factor authentication code via SMS. So here’s a simple guide on it:

然而，尽管没有SMS的Twitter 2FA是可行的方式，但我们的确理解情况可能会与此相反，并且人们可能想知道如何通过SMS发送Twitter两步验证码。 因此，这里有一个简单的指南：

1. Go to your account settings (“More” → “Settings and privacy”) and find “Security” →”Two-factor Authentication”.
   转到您的帐户设置(“更多”→“设置和隐私”)，然后找到“安全”→“双重身份验证”。
2. Check the “Text message” box and press “Get Started”.
   选中“短信”框，然后按“入门”。
3. Enter your user pass then press on “Verify”. If there’s no telephone number allied with the user, you will need to provide one now.
   输入您的用户密码，然后按“验证”。 如果没有与用户关联的电话号码，则需要立即提供。 <