Finally, without requiring a phone number, Twitter is rolling out support for two-factor authentication. Twitter said it was “working to improve” its reliance on telephone numbers back in September, and now users are rolling out the enhanced two-factor authentication options.
Following the hacking of the account of Twitter CEO Jack Dorsey in September due to a SIM swap fraud, the company has now given users Starting today, with two-factor authentication, Twitter rolled out the ability to secure the account without also having a phone number. What this implies is that you can use mobile security software like Authy or Google Authenticator to create two-factor authentication keys without having some sort of phone number for Twitter to fall back. the option to enable two-factor authentication (2FA) without a phone number. The Twitter security team has just announced that later today users will be able to do this
In 2017, Twitter has added support to use two-factor authentication code-generating applications. But until now, as a fall-back authentication method, users were still required to add a phone number to their Twitter account.
Sadly, encryption keys are still not ideal for deployment. A Twitter developer notes that if you are using a security key such as Yubikey, a second encryption mechanism such as SMS or a two-factor request is still needed. This is because security keys outside of Twitter’s web version are not supported:
“We currently require you to have a second method along with security keys as the latter is not supported outside the web at the moment. You also need a mobile security app if you want to disable SMS. We know this may not be enough, but we will continue to work on it!”
Here’s how to set up two-factor authentication on your Twitter account over the web:
- Tap the three dots in the toolbar on Twitter.com
- Select ‘ Settings
- Privacy ‘ Click ‘ Profile ‘ Click ‘ Safety ‘
You can now select two-factor options between text message, authentication app, and security key. So here’s how to delete your phone number from your Twitter profile: Click on the three dots in the Twitter.com toolbar then ‘ Settings>Privacy>Profile>Safe>Phone>Delete phone number. With the increasing prevalence of SIM swapping, the use of a security key or two-factor authentication device is inherently more secure than SMS. Besides, Twitter revealed last month that it “unintentionally” used two-factor telephone numbers to target advertising.
While the introduction of Twitter is still not flawless, it is certainly nice to see the company make substantial progress in this area.