Twitter has supported 2-factor authentication (2FA) by way of authenticator apps for quite some time already, but it has always required you to add a phone number to your account for recovery and backup purposes. Since tie-ins with phone numbers tend to add an additional security risk due to SIM swap attacks, this wasn’t the best solution for everyone, and Twitter has heard its security-conscious users. It’s now possible to secure your account with 2FA without adding a phone number at all.
You have three options for two-factor authentication.
I tested the change with my account right away, and it seems to work just as intended. In the Twitter app settings, I could choose between three security options: text message, authenticator app, or security key. It's possible to activate all three of these at once, but for the purposes of this test, I only activated the authentication app. If you have an application like Authenticator Plus installed, Twitter automatically hands over its code to the app and after verifying the six digits, you're all set. Smooth sailing.
We’re also making it easier to secure your account with Two-Factor Authentication. Starting today, you can enroll in 2FA without a phone number. https://t.co/AxVB4QWFA1
— Twitter Safety (@TwitterSafety) November 21, 2019
Unfortunately, deleting the phone number still makes the “Safeguard your account” prompt show up in the feed because adding it could help you regain access to your account should you lose your password. People replying to the Tweet above report similar behavior. Others complain that when they tried to deactivate phone numbers as a second factor, the website and/or app told them that they’d lose 2FA altogether. The change might still be rolling out, so these hiccups will hopefully disappear over time.
The “Safeguard your account” prompt shows up again after deleting your phone number.
The company also announced that it's replacing FIDO U2F with the FIDO2 WebAuthn protocol on desktops, which will allow more flexible and stronger “browser-to-hardware-based authentication using devices such as security keys, mobile phones (NFC, BLE),” and biometric factors like TouchID.