Twitter rolling out support for two-factor authentication without a phone number

In 2017, Twitter added support for using code generating applications for two-factor authentication. But up until now, users were still required to add a phone number to their Twitter account as a fall back method of authentication.

Starting today, Twitter is rolling out the ability to secure your account with two-factor authentication, without also supplying a phone number. What this means is that you can use a mobile security app, such as Authy or Google Authenticator, to generate two-factor authentication codes, without supplying Twitter with a phone number of any sort for fall back.

Unfortunately, the implementation still isn't perfect with security keys. A Twitter engineer explains that if you use a security key such as Yubikey, you're still required to have a second method of authentication such as SMS or a two-factor application. This is because security keys are not supported outside of the web version of Twitter:

Currently we require you to have a second method along with security keys since the latter isn't currently supported outside web. If you'd like to disable sms, you need to also have a mobile security app. We know this might not be ideal but we're going to keep working on it!

Here's how to set-up two-factor authentication on your Twitter account via the web:

1. Click the three dots in the sidebar on Twitter.com
2. Click ‘Settings and Privacy'
3. Click ‘Account'
4. Click ‘Security'
5. Click ‘Two-factor authentication'

Now, you can pick between text message, authentication app, and security key options for two-factor. And here's how to remove your phone number from your Twitter profile:

1. Click the three dots in the sidebar on Twitter.com
2. Click ‘Settings and Privacy'
3. Click ‘Account'
4. Click ‘Security'
5. Click ‘Phone'
6. Click ‘Delete phone number'

Using a security key or authentication app two-factor is inherently more secure than SMS due to the growing prevalence of SIM swapping. While Twitter's implementation still isn't perfect, it's certainly nice to see the company making significant strides in this area.