wordpress blog stats
Connect with us

Hi, what are you looking for?

Twitter no longer requires phone numbers for two-factor authentication

Courtesy: Twitter

Twitter will no longer require users’ phone numbers to enable two factor authentication (2FA) on their accounts, Twitter Safety tweeted. While it hasn’t completely done away with mobile number 2FA, it is no longer mandatory to give the platform your phone number. Users can now enable 2FA using an authentication app, or a physical security key, without necessarily having to provide Twitter with their phone number.

What’s new? The first option is to use an authenticator app which generates a random string of six-digit OTP. Some such apps are Google Authenticator, Authy and YubiKey. If you select this option, you will have to link your Twitter account with a compatible authentication app. We tested this by using Google Authenticator and Authy, and it worked well. However, Authy required us to put in our mobile number to create an account.

Using Google Authenticator to enable 2FA on Twitter

The other option is to use a physical security key, and while this might be the most secure 2FA method, there is one caveat. Security keys currently, aren’t supported outside of Twitter on the web, so if a user is accessing Twitter via a mobile app, it will still ask him/her to have another 2FA method enabled as a backup, explained a Twitter engineer, after some users complained that they still had to provide their mobile number if they wanted to enable 2FA using a security key.

Security key to enable 2FA can only be used on Twitter web as of now.

Users can choose to delete their mobile number if they had earlier given it to Twitter. However, if a user had enabled 2FA using her/his phone number, Twitter will notify them that deletion of the number will automatically turn off 2FA.

The prompt that Twitter shows when you choose to delete your phone number from its service.

Why this matters: While two-factor authentication is undeniably a better way of securing your accounts, Twitter’s announcement comes as a belated acknowledgment that mobile number-based 2FA isn’t perhaps the best way. CEO Jack Dorsey’s account was hacked in August this year because the phone number associated with his account was compromised. Following that, Twitter had disabled the option to tweet via SMS, saying that carriers need to address “vulnerabilities” in their system, and it needs to rework its reliance on linked phone numbers for two-factor authentication.

  • In an undated blog post, the company had revealed that phone numbers provided to the service for security purposes such as 2FA might have been used to run targeted advertisements.
  • SMS-based 2FA can prove to be a risky proposition, after a series of SIM swapping attacks have showed that SMS messages can be hijacked to target users’ accounts.

You May Also Like


Twitter has tied up with Dailyhunt to distribute its curated Twitter Moments feed to the news aggregator app’s users. Dailyhunt announced the collaboration in...


The Standing Parliamentary Committee on Information Technology, headed by Congress politician Shashi Tharoor, has called on representatives of Facebook, Twitter, and the Ministry of...


The Polish government is planning to ban social media companies from blocking accounts. A draft law in the country will make it illegal for...


Between January and June 2020, Twitter received 12,700 information requests from governments and law enforcement agencies around the world, reflecting a significant increase of...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to Daily Newsletter

    © 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ