You’ve likely noticed the recent surge in X account takeovers. High-profile profiles everyday users & organisations have fallen victim to phishing campaigns, fake DMs from trusted contacts & other deceptive tactics. Attackers exploit these breaches to post cryptocurrency scams or lock owners out entirely—often resulting in financial losses, reputational harm or prolonged recovery efforts.
This trend underscores a critical truth: passwords, however strong, alone are insufficient in today’s hacking landscape.
Two-factor authentication (2FA) provides an essential additional layer of protection. It requires a second verification step beyond your password—typically a time-based code from an authenticator app, a physical security key or a text message—ensuring that, even if credentials are compromised, unauthorised access is still blocked.
Many social media platforms, such as X, support multiple 2FA methods, including authenticator apps security keys & text messages.
Why enabling 2FA matters urgently:
- Phishing attacks frequently trick users into revealing passwords via fake links or spoofed messages. 2FA halts these attempts.
- Credential stuffing—using leaked passwords from other breaches—fails when a second factor is required.
- Account compromise can cascade: attackers impersonate you target followers or extract sensitive information. 2FA dramatically reduces this risk.
Personally, I recommend physical security keys (such as these) for your most important accounts, due to their robust phishing resistance & cryptographic security. These hardware devices are highly effective against remote attacks since they require physical human touch to unlock & grant access to an account. You can even set it so that there’s an extra layer of security on top of that by requiring the key itself be unlocked by Yubico’s proprietary Yubico Authenticator first. However, while advanced, these dedicated security keys cost about 10,000 JPY or more, depending on the model & features, which may be too expensive for some people. Furthermore, it is recommended to not only have 1 but, at a minimum, 2 security keys–to act as a main & a backup to prevent permanent lockouts from your accounts.
For those seeking a free starting point, app-based 2FA remains highly secure & accessible. Applications such as Authy generate codes offline & resist common bypass methods like SIM swapping (far better than SMS alone).
How to Set Up 2FA
Set up takes just minutes. Here’s how for X (steps may vary slightly by device):
- Log in to X via the app or web.
- Navigate to Settings & privacy > Security & account access > Security > Two-factor authentication.
- Select your preferred method (security key recommended, but authenticator apps can also be used).
- Follow the prompts: scan the QR code with your authenticator app or register a security key by following the touch prompts on screen.
- Save the provided backup codes securely. Store them airgapped (offline, in writing, in a secure place you won’t forget), not on your device.
The process is relatively identical everywhere. Repeat it across all accounts that support 2FA—prioritise E-mail & financial services, not just social platforms.
Best practices
- 2FA is great, but strong passwords still matter. Use a password manager to generate & save long strings of random letters, numbers & symbols. The days of using pets’ names, birthdays, etc. are over.
- Prefer hardware keys or authenticator apps over SMS, since text messages are vulnerable to interception.
- Generate & store backup codes or set up multiple methods to avoid lockouts.
- Regularly review connected devices & sessions in account settings.
In an era of persistent phishing & account compromise threats, enabling 2FA everywhere possible is one of the most effective steps you can take to safeguard your digital presence.
Do it today—your accounts followers & peace of mind will benefit.
Stay secure. 🔒