Now, enable two-factor authentication on Twitter without linking your number
A few weeks back, Twitter drew serious flak for making numbers given for two-factor authentication available to advertisers. The issue was fixed soon after being discovered, but the root cause of the problem - number-linking - still remained. Now, Twitter is changing that by introducing a way to let you enable 2FA without actually giving your phone number. Here's all about it.
First, you should know about two-factor authentication
Just like Facebook, Twitter has been offering two-factor authentication for a long while. The feature acts as a secondary security layer and authenticates log-in attempts to prevent third parties from breaking into your account. As of now, Twitter offers three different authentication options: mobile number-reliant SMS verification, code generators like Google Authenticator, and a cryptographically-protected physical authentication device like the YubiKey.
SMS verification convenient but not safest
While giving your number and receiving messages to verify a login seems convenient, it's not the safest 2FA method. With SIM-swapping attacks on the rise, an attacker can easily clone your number and intercept a login code to break into your account. Twitter's own co-founder Jack Dorsey suffered a similar SIM-swap attack, where his number was used to send out racist tweets.
Twitter required mobile number for enabling 2FA
Despite knowing the potential disadvantages of SMS-based 2FA, Twitter had kept it as the mandatory go-to method for enabling 2FA. This means that, in order to enable the feature in the first place, you had to give your number and use SMS-based verification. Once that was done, you could switch to the other authentication options, like a code generator or a physical key.
Thankfully, you can switch 2FA method now
Now, with the latest change being rolled out, you can choose the code generator or the security key option, without giving your number. Just head over to Security & Privacy > Account > Security in the Twitter app and select the authentication option you want to choose. Notably, if you have text message authentication enabled, you can uncheck it and use some other option.
Changes being rolled out gradually
That said, it is worth noting that the changes have just started rolling out and might take a while to hit your device. Some users claimed that the 2FA system still asks for their number when they choose the code generator or security key option, but when we tried the same, both options worked seamlessly and all we had to give was the password for confirmation.