Twitter’s two-factor authentication system has received a long-requested boost in security, as the feature will no longer require the phone number of users.
Twitter rolled out its two-factor authentication system years ago. The feature, upon activation, requires account owners to type in a code sent to their associated phone number every time they attempt to sign in. It aims to provide an extra layer of security beyond account passwords, which have been prime targets for hackers.
The two-factor authentication system that Twitter implemented, however, still had several flaws, as it remained vulnerable to phishing attacks and SIM hijacking.
It took a while, but Twitter has finally improved the security of its two-factor authentication system, as well as made it easier to activate, by dropping the requirement for users’ phone numbers.
We're also making it easier to secure your account with Two-Factor Authentication. Starting today, you can enroll in 2FA without a phone number. https://t.co/AxVB4QWFA1
— Twitter Safety (@TwitterSafety) November 21, 2019
When users attempt to activate two-factor authentication, they will now be able to choose between three options for the second factor in addition to their account password. The options are a text message, authenticator app, and security key.
Security keys are physical devices that are arguably the best way to block hackers, as the would-be hackers would need to get their hands on the key before they are able to break into an account. Authenticator apps, however, are also a solid option. They may be downloaded through Apple’s App Store and the Google Play Store, then paired with the Twitter account to enable two-factor authentication.
For Twitter users who already have two-factor authentication set up, deleting their phone numbers will make the “Safeguard your account” prompt appear. Some users have been warned by the website or app that removing their phone numbers would deactivate the security feature. These messages should go away soon as the changes continue to roll out.
Beyond wanting an additional layer of security, there may be another reason users want to move away from using phone numbers for two-factor authentication. Twitter revealed last month that some of the phone numbers and email addresses submitted by users may have been inadvertently used for advertising purposes.
To enable or update a Twitter account’s two-factor authentication, users simply need to enter the Settings menu and access the Security section under Account. Selecting the Login Verification option will present the three options for the system. After choosing to use either a security key or an authenticator app, users may then delete their phone numbers by moving back up to the Account menu, tapping their phone number, and hitting delete.
- Apple’s security trumps Microsoft and Twitter’s, say feds
- Passwords are hard and people are lazy, new report shows
- Twitter accused of selling your phone number to advertisers
- Nest makes two-factor authentication mandatory for its smart home devices
- Twitter says state-backed attackers may have nabbed phone numbers