Two-factor authentication is good! SMS-based two-factor authentication? Not the best option.
After countless tales of people having their phone numbers and inbound SMS hijacked by way of SIM swapping, it clear that SMS just isn&t the right solution for sending people secondary login codes.And yet, for many years, it been the mandatory go-to on Twitter .
You could switch to another option later (like Google Authenticator, or a physical Yubikey) — but to turn it on in the first place, you were locked into giving Twitter a phone number and using SMS.Twitter is getting around to fixing this, at long last.
The Twitter Safety team announced that you&ll be able to enable two-factor authentication without the need for a phone number, starting sometime today.This news comes just a few months after Jack Dorsey own Twitter account was hacked (seemingly by way of a SIM swap) and a few weeks after Twitter had to admit it was using phone numbers provided during the two-factor setup process for serving targeted ads.We're also making it easier to secure your account with Two-Factor Authentication.
Starting today, you can enroll in 2FA without a phone number.
https://t.co/AxVB4QWFA1— Twitter Safety (@TwitterSafety) November 21, 2019Some users are reporting that the setup process still requests a phone number, so it seems like this change is being rolled out rather than launching for everyone immediately.