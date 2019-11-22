Twitter finally lets users enable 2FA without a phone number
ELECTRONIC SULKING BOARD Twitter has announced that users can finally enrol for two-factor authentication (2FA) without handing over their phone number.
Until now, if users wanted to enable 2FA for their Twitter account, they had to register a phone number and enable SMS-based 2FA, which is known to be inherently insecure; back in October, for example, Twitter admitted that "unintentionally" fed advertisers users' 2FA phone numbers for targeted ad purposes.
The company is finally giving users the option to bypass SMS-based 2FA, and even disable it completely. Instead, users can now enable 2FA on Twitter using a mobile security app, such as Authy or Google Authenticator, without supplying Twitter with a phone number. Previous to this you still had to add a phone number if you chose to use a security app with your account.
We're also making it easier to secure your account with Two-Factor Authentication. Starting today, you can enroll in 2FA without a phone number. https://t.co/AxVB4QWFA1— Twitter Safety (@TwitterSafety) November 21, 2019
It's still not perfect, though. A Twitter engineer explains that if you decide to use a security key such as Yubikey, you're still required to add a second method of authentication due to the fact that these are not supported outside of the web version of Twitter:
Hi! Currently we require you to have a second method along with security keys since the latter isn't currently supported outside web. If you'd like to disable sms, you need to also have a mobile security app. We know this might not be ideal but we're going to keep working on it!— Jared Miller (@jcmi) November 21, 2019
To enable 2FA on Twitter, hit the 'More' button on the sidebar and then go to Settings and Privacy -> Account -> Security ->Two-Factor Authentication. You'll then be able to choose your preferred method. µ
