At long last, Twitter is finally rolling out support for two-factor authentication without requiring a phone number. Twitter said it was “working on improving” its reliance on phone numbers back in September, and now the improved two-factor authentication options are rolling out to users.

In 2017, Twitter added support for using code generating applications for two-factor authentication. But up until now, users were still required to add a phone number to their Twitter account as a fall back method of authentication.

Starting today, Twitter is rolling out the ability to secure your account with two-factor authentication, without also supplying a phone number. What this means is that you can use a mobile security app, such as Authy or Google Authenticator, to generate two-factor authentication codes, without supplying Twitter with a phone number of any sort for fall back.

Unfortunately, the implementation still isn’t perfect with security keys. A Twitter engineer explains that if you use a security key such as Yubikey, you’re still required to have a second method of authentication such as SMS or a two-factor application. This is because security keys are not supported outside of the web version of Twitter:

Currently we require you to have a second method along with security keys since the latter isn’t currently supported outside web. If you’d like to disable sms, you need to also have a mobile security app. We know this might not be ideal but we’re going to keep working on it!

Here’s how to set-up two-factor authentication on your Twitter account via the web:

  1. Click the three dots in the sidebar on
  2. Click ‘Settings and Privacy’
  3. Click ‘Account’
  4. Click ‘Security’
  5. Click ‘Two-factor authentication’

Now, you can pick between text message, authentication app, and security key options for two-factor. And here’s how to remove your phone number from your Twitter profile:

  1. Click the three dots in the sidebar on
  2. Click ‘Settings and Privacy’
  3. Click ‘Account’
  4. Click ‘Security’
  5. Click ‘Phone’
  6. Click ‘Delete phone number’

Using a security key or authentication app two-factor is inherently more secure than SMS due to the growing prevalence of SIM swapping. Additionally, last month, Twitter disclosed that it “unintentionally” used two-factor phone numbers for advertising targeting.

While Twitter’s implementation still isn’t perfect, it’s certainly nice to see the company making significant strides in this area.

FTC: We use income earning auto affiliate links. More.

OWC USB-C Dock deal

Subscribe to 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Chance Miller

Chance is an editor for the entire 9to5 network and covers the latest Apple news for 9to5Mac.

Tips, questions, typos to