Now you can enable 2FA on Twitter without a phone number
There's a lot to be said for enhancing account security with two-factor authentication (2FA) but Twitter has long-insisted that this be done by handing over your phone number -- not something everyone is happy with.
But now the company has announced a change of heart. With immediate effect, Twitter says "you can Starting today, you can enroll in 2FA without a phone number". The move comes after Jack Dorsey's account was hijacked and used to send racist tweets, and just two months after Twitter revealed that 2FA data had 'inadvertently been used for advertising purposes'.
- Twitter tests new scheduled tweets option
- Twitter bans all political ads, and the world waits to see if Facebook will follow suit
- Twitter reveals 2FA security data has 'inadvertently been used for advertising purposes'
SMS-based 2FA has long been criticized for being insecure, but it has taken quite some time for Twitter to come around to this realization. While it is still possible to use your phone number for two-factor authentication with Twitter if you want, it is no longer necessary. You can instead rely on an authenticator app like Authy.
Twitter made the announcement in a tweet via its Twitter Safety account:
We're also making it easier to secure your account with Two-Factor Authentication. Starting today, you can enroll in 2FA without a phone number. https://t.co/AxVB4QWFA1
— Twitter Safety (@TwitterSafety) November 21, 2019
If you have already enabled 2FA for Twitter, you can now remove your phone number within your account settings.
Removing phone number-based authentication eliminates the risk of SIM swapping, a technique that can be used by hackers to hijack accounts. The move brings Twitter in line with other major tech companies -- including Facebook and Google -- which do not require users to divulge their phone numbers when opting in to 2FA.