Twitter users can benefit from security without a phone number. So, the users can now disable SMS-based two factor authentication (2FA). This kind of authentication proved to be problematic. One of the most well-known examples is the Twitter CEO Jack Dorsey‘s account, which was hacked in August. The attacker who tool control of his account posted hateful messages. In order to break the account, the attacker switched the SIM linked to his phone. Then, the system sent the 2FA code. This practice is known as a SIM wrapping.
According to Twitter, users can disable SMS-based two-factor authentication, because of the increased security risk of receiving 2FA codes via SMS.
2FA adds an extra layer of security to the online accounts. It requires a six-digit number after entering the password for the account. The codes were delivered via text messages. Now, you can receive the 2FA codes only through third-party apps or a dedicated security key. This is more secure and allows users access their accounts even when they can not receive text messages.
Steps for security without a phone number
Users who do not use a two-factor authentication for their Twitter account need to go to Account section – Security – Two factor authentication and select Authentication App. Then, it depends on the app you may choose. It generally consists of scanning a QR code, which allows the app to create the 2FA codes. Although it might last a few seconds more, it’s worth it.
After scanning the QR code, you will have to enter the six-digit number displayed in the app, to verify it’s set up correctly.
If you already use the 2FA and use an app for it should disable text messages codes. Thus, you prevent the risk of someone gaining access to your account via SIM swapping. All you need to do is to access your Account Section – Security – Two-factor authentication and remove the checkmark in the box for Text message.
Although it might seem a little inconvenient, Twitter made this decision for its users’ protection.