Twitter will finally let you turn on two-factor authentication without giving it a phone number

Greg Kumparak
People are seen as silhouettes as they check mobile devices whilst standing against an illuminated wall bearing Twitter Inc.'s logo in this arranged photograph in London, U.K., on Tuesday, Jan. 5, 2016. Twitter Inc. may be preparing to raise its character limit for tweets to the thousands from the current 140, a person with knowledge of the matter said. Photographer: Chris Ratcliffe/Bloomberg via Getty Images

Two-factor authentication is good! SMS-based two-factor authentication? Not the best option. After countless tales of people having their phone numbers and inbound SMS hijacked by way of SIM swapping, it's clear that SMS just isn't the right solution for sending people secondary login codes.

And yet, for many years, it's been the mandatory go-to on Twitter . You could switch to another option later (like Google Authenticator, or a physical Yubikey) — but to turn it on in the first place, you were locked into giving Twitter a phone number and using SMS.

Twitter is getting around to fixing this, at long last. The Twitter Safety team announced that you'll be able to enable two-factor authentication without the need for a phone number, starting sometime today.

This news comes just a few months after Jack Dorsey's own Twitter account was hacked (seemingly by way of a SIM swap) and a few weeks after Twitter had to admit it was using phone numbers provided during the two-factor setup process for serving targeted ads.

https://platform.twitter.com/widgets.js

Some users are reporting that the setup process still requests a phone number, so it seems like this change is being rolled out rather than launching for everyone immediately.