Estimated time: 15 minutes



It’s really hard to get your Twitter account back once you’ve lost it, so here are 8 simple steps to make it much harder for hackers to steal your account from you (unless they have insider access, in which case you’re probably done for anyway).

Remove your phone number

There is no good reason to keep a phone number attached to your account, and it’s the easiest way for a hacker to get into your account after SIM-swapping you. Getting verified requires you to add a phone number, but you can remove it afterwards.

  1. Go to https://twitter.com/settings/phone
  2. If a phone number exists, remove it with “Delete phone number”

Configure 2FA

Two-factor authentication is extremely useful to protect against hackers, but not if you’re using SMS 2FA and the hackers have access to your phone number. You should almost always prefer using an authenticator app or security key. Make sure you’ve stored your backup codes somewhere secure.

  1. Go to https://twitter.com/settings/account/login_verification
  2. Make sure “Text message” is disabled
  3. Make sure either “Authentication app” or “Security key” is enabled
    1. If you choose an authentication app, you can store your TOTP secret in 1Password or Google Authenticator (but make sure to disable sync)
    2. If you choose security keys, you’ll probably want two at minimum in case one of them dies. I recommend Yubico keys - they’re expensive but worth it
  4. Select “Backup codes”, then generate a new backup code. Write this down somewhere safe (or honestly, just put it in your password manager too)

Revoke access from delegated accounts

Twitter allows you to delegate access to your account to other accounts. If your account was previously compromised, this is a sneaky way for attackers to maintain access to your account even after you recover control.

  1. Go to https://twitter.com/settings/delegate/members
  2. For every account, if you don’t recognize it, click “Remove from group”

Enable password reset protect