Twitter finally allows two-factor authentication without a phone number



Twitter announced on Friday, November 22, 2019, that it is no longer necessary to register a phone number for two-factor authentication to enhance account security.

Twitter will finally let users disable SMS as default 2FA method | ZDNet

“Two-factor authentication” is a technique that makes account takeover harder by adding “another step” on top of the password when logging in. Twitter offered three types of two-factor authentication: “SMS code authentication”, “third-party authentication app”, and “physical security key”. However, even to use a third-party authentication app or a physical security key, users first had to register a phone number, and it was not possible to disable SMS code authentication.

While SMS code authentication was enabled, a Twitter account could be hacked using an illegally obtained phone number. In August 2019, the Twitter account of Twitter's Jack Dorsey was hacked after his phone number was compromised.

It is also known that Twitter used phone numbers obtained through two-factor authentication for targeted advertising.

Twitter admits it used phone numbers provided for two-step authentication for targeted advertising - GIGAZINE


Sara Kurfeß

With this change, users will be able to delete the phone number associated with their Twitter account. By deleting your phone number, you can keep your Twitter account safe even if your phone number is compromised.

You can find out how to use two-factor authentication at the following URL.

How to use two-factor authentication

in Web Service, Posted by darkhorse_log