Skip to main content

Twitter rolling out support for two-factor authentication without a phone number

At long last, Twitter is finally rolling out support for two-factor authentication without requiring a phone number. Twitter said it was “working on improving” its reliance on phone numbers back in September, and now the improved two-factor authentication options are rolling out to users.

In 2017, Twitter added support for using code generating applications for two-factor authentication. But up until now, users were still required to add a phone number to their Twitter account as a fall back method of authentication.

Starting today, Twitter is rolling out the ability to secure your account with two-factor authentication, without also supplying a phone number. What this means is that you can use a mobile security app, such as Authy or Google Authenticator, to generate two-factor authentication codes, without supplying Twitter with a phone number of any sort for fall back.

Unfortunately, the implementation still isn’t perfect with security keys. A Twitter engineer explains that if you use a security key such as Yubikey, you’re still required to have a second method of authentication such as SMS or a two-factor application. This is because security keys are not supported outside of the web version of Twitter:

Currently we require you to have a second method along with security keys since the latter isn’t currently supported outside web. If you’d like to disable sms, you need to also have a mobile security app. We know this might not be ideal but we’re going to keep working on it!

Here’s how to set-up two-factor authentication on your Twitter account via the web:

  1. Click the three dots in the sidebar on Twitter.com
  2. Click ‘Settings and Privacy’
  3. Click ‘Account’
  4. Click ‘Security’
  5. Click ‘Two-factor authentication’

Now, you can pick between text message, authentication app, and security key options for two-factor. And here’s how to remove your phone number from your Twitter profile:

  1. Click the three dots in the sidebar on Twitter.com
  2. Click ‘Settings and Privacy’
  3. Click ‘Account’
  4. Click ‘Security’
  5. Click ‘Phone’
  6. Click ‘Delete phone number’

Using a security key or authentication app two-factor is inherently more secure than SMS due to the growing prevalence of SIM swapping. Additionally, last month, Twitter disclosed that it “unintentionally” used two-factor phone numbers for advertising targeting.

While Twitter’s implementation still isn’t perfect, it’s certainly nice to see the company making significant strides in this area.

FTC: We use income earning auto affiliate links. More.

OWC USB-C Dock deal
You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Subscribe to 9to5Mac on YouTube for more Apple news:

Comments

Author

Avatar for Chance Miller Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications