The popular microblogging platform Twitter has announced a new feature that allows its users to change the default two-factor authentication (2FA) method. Until now, Twitter users had to set SMS as their 2FA method, with no way to change the default. Starting now, Twitter will let users authenticate with a mobile one-time code or even a hardware key. This means Twitter users no longer need to register a phone number to enable 2FA for Twitter.
The platform’s safety account tweeted:
We’re also making it easier to secure your account with Two-Factor Authentication. Starting today, you can enroll in 2FA without a phone number. https://t.co/AxVB4QWFA1
— Twitter Safety (@TwitterSafety) November 21, 2019
This move from the social media giant comes months after the account of Twitter CEO Jack Dorsey was hacked through a SIM swap. The hackers refrained from bypassing SMS-based 2FA; however, the attack seems to have had an impact on Twitter, hence the more secure 2FA method.
For those who don’t know, in the early days of 2FA, email and SMS were the only two common 2FA methods accessible to almost everyone. Most users chose to have codes sent via SMS because emails are hacked more often and people are more likely to carry their phones with them. On the flip side, SMS proved to be insecure and prone to other forms of attack, leading companies to develop better methods like authenticator apps, fingerprint and face scanners.
Sadly, Twitter required phone numbers to even enable 2FA in the first place, but with Twitter’s new 2FA method, users can now delete the phone number associated with their account and still be able to use 2FA.