Good stuff; FWIW, I've been playing with the Twilio (php) implementation and so far it looks like we may use this for a certain client...

http://www.twilio.com/docs/howto/two-factor-authentication
Twitter doesn't allow me to add 2fa because my carrier (BSNL/India) isn't supported.
Facebook doesn't give me an option to add Login Approvals because it's not rolled out to everyone.
I need 2fa, and I need it now!
Disappointing that each provider uses a different name. Imagine if they each had their own name for the password field. They should all just call it two-factor authentication.
Phishing [and mitm] attacks are not mitigated by two-factor.

http://www.digitaltrends.com/social-media/thanks-twitter-but-heres-everything-thats-wrong-with-your-two-factor-authentication-set-up/

"So how can anyone hack Twitter with two-factor authentication in play? The account info you’ve just entered will automatically be entered into the real Twitter.com by the hacker. And seeing as how you’ve had your account info entered into Twitter.com for you, Twitter’s two-factor authentication will ping the victim with the SMS and temporary password as expected, Toopher (a two-factor security service) CEO Josh Alexander explains.

At that point, since you’ve received an SMS from Twitter, you’re probably under the assumption that the account recovery process seems legit and would continue to enter in that temp password into the fake Twitter site. Of course once that’s done you’ve lost complete control of your account."

http://www.theregister.co.uk/2007/04/19/phishing_evades_two-factor_authentication/

"Hackers sent the customers emails falsely claiming to be from ABN Amro. If recipients opened an attachment, software was installed on their machines without their knowledge. When customers visited their banking site, the software redirected them to a hacker-controlled mock site that requested their security details.

As soon as the hackers received these details they were able to log into a customer's account at the real ABN Amro site, before the expiry of the fob-generated number. They could then transfer the customer's money."

(they didn't need to redirect the customer to intercept the credentials but it makes it harder to detect)