Twitter now supports two-factor authentication without a phone number

Twitter Logo
Twitter Logo (Image credit: Android Central)

What you need to know

  • Twitter now supports two-factor authentication without a phone number.
  • Previously, users were still required to add a phone number to their Twitter account as a failsafe.
  • Security key users will still need a second method of authentication because security keys are not supported beyond Twitter's web version.

Twitter has announced that it now supports two-factor authentication without the need for a phone number.

@TwitterSafety tweeted the news yesterday, November 21.

See more

Previously, Twitter users who wished to use two-factor authentication to secure their Twitter account were required to provide a phone number as a backup option. It's well known that this left users vulnerable to SIM-swapping attacks, famously, Twitter CEO Jack Dorsey had his own Twitter account hacked in August of this year.

The news will come as a big relief to anyone wary of having to attach their phone number to their Twitter account. Twitter also faced controversy earlier this year, after it was forced to admit that phone numbers provided for safety or security purposes including two-factor authentication were inadvertently used for advertising.

Now users are able to unlink their phone number within account settings, whilst retaining two-factor authentication.

See more

However, there seems to be an interesting querk, in that security keys aren't supported outside of Twitter for web. One user was quick to point out that after adding Yubikey and removing his phone number, he recieved an email stating his two-factor authentication had been disabled, and that he must supply a phone number to reenable it. This means that outside of the web, users who wish to disable SMS also need to have a mobile security app, as one Twitter engineer pointed out:

See more

Essentially, what the update means is that when using 2FA, you now have to choose two options from SMS, authentication app and security key. Obviously, if you want to unlink your phone number from your Twitter account, you'll need to pick authentication app and security key. All of the necessary settings are found in the 'Settings and Privacy' section on your Twitter account on the web. Head to Account>Security>Phone and select 'Delete phone number.'

Stephen Warwick
News Editor

Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design.

Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9