[mwww]

It's great to see another big web service implementing two-factor authentication. Looks like 2FA is going to be a standard option in web apps in the near future.

[signed0]

I'm really glad that they didn't go the Twitter route and develop something completely new.

[aroman]

How is twitter's 2fa completely new? I use it and it behaves exactly like Google's does.

[cheald]

When they rolled it out, it was SMS-only. It still doesn't use TOTP - they've baked something into their mobile app that allows it to function as the second factor, rather than just supporting the same 2FA scheme that everyone else does.

[aroman]

Ah, I wasn't aware they didn't support TOTP; I only ever use sms based 2fa.

[Sachse]

Since they don't use TOTP it's not possible to use their two-factor authentication with applications such as Google Authenticator or Authy. What's more, I don't think it even works with third-party Twitter clients (Correct me if I'm wrong), so you have to use Twitter's own apps.

[aroman]

It does indeed work with third-party apps using Google-style "app specific passwords". But I didn't know that it didn't support TOTP since I only use SMS authentication. I can see that as being a lame move, though.