Connect with us

Internet

Twitter now lets you enable 2FA without asking for your phone number

Twitter has changed its security settings to let you use two-factor authentication (2FA) without having to give the service your phone number. Back when Twitter relied on SMS to send users their six-digit 2FA codes this requirement made more sense, but now that it allows them use authentication apps or security keys, however, asking for phone numbers is increasingly unnecessary.

This is a very positive development from Twitter. Not only is SMS vulnerable to SIM-swapping attacks (just ask Twitter CEO Jack Dorsey), but Twitter also recently admitted to “unintentionally” using people’s phone numbers for advertising purposes. Authentication apps are more secure, and you can use them without having to give any more personal details to Twitter than you absolutely need to.

Twitter Safety@TwitterSafety

We’re also making it easier to secure your account with Two-Factor Authentication. Starting today, you can enroll in 2FA without a phone number. https://twitter.com/TwitterSafety/status/1134174785137782789 …Twitter Safety@TwitterSafetyWe want to give you the most secure experience on Twitter. Today, we updated our login process to support WebAuthn for an enhanced Two-Factor Authentication (2FA), so you can easily and securely authenticate your login with a single tap. Read more below.https://blog.twitter.com/engineering/en_us/topics/infrastructure/2019/webauthn.html …1,0019:01 PM – Nov 21, 2019Twitter Ads info and privacy537 people are talking about this

The most secure 2FA method, however, is using a security key, since these don’t rely on you having to type in a six-digit code that a sophisticated hacker could intercept. However, while Twitter supports these as a 2FA method, it’s not ready to let its users rely on them entirely. Responding to a user complaint, one Twitter engineer noted that security keys currently aren’t supported outside of Twitter on the web, so it still asks users to have another 2FA method enabled as a backup.

If you’ve given Twitter your phone number and you want to delete it, then head into settings in the app or on Twitter’s website, and then click into the “Account” menu. From here, tap your phone number, and then select the delete option. If you’re currently using SMS as a 2FA method then you’ll be warned that deleting it will turn it off, so be sure to set up an alternative 2FA method such as an authentication app to use in its place.

Source:
https://www.theverge.com/2019/11/22/20977436/twitter-2fa-phone-number-authentication-app-security-key

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: