Twitter is finally rolling out a new security feature to enable two-factor authentication (2FA) where users do not require to give their phone number and inbound SMS with login codes back to the micro-blogging platform. Several people have reported in the past that their phone numbers and inbound SMSes were hijacked by a method called SIM swapping.
The Twitter Safety team announced that users will be able to enable two-factor authentication without the need for a phone number.
“We’re also making it easier to secure your account with Two-Factor Authentication. Starting today, you can enroll in 2FA without a phone number,” said the company in a tweet. “If you already have your phone number linked along with App-based 2FA, you can unlink it in the “Account” section of your settings while still keeping 2FA on,” added Kayvon Beykpour, a product lead at Twitter.
The move comes after CEO Jack Dorsey’s own Twitter account was hacked recently.
The micro-blogging platform later said that it secured Dorsey’s account which became a victim of ‘SIM swapping’ or ‘SIM jacking’ where a mobile number is transferred to a new SIM card.
By taking control of Dorsey’s number, hackers posted tweets via text messages on his Twitter account. The phone number associated with the account was compromised due to a security oversight by the mobile provider.
Two-factor authentication adds an extra layer of security to your online accounts by requiring a six-digit number after you’ve entered the correct password for your account.
Here’s what you need to do:
Visit the Account section of your account on Twitter.com. With the Account tab selected, click on Security. Next, click on Two-factor authentication. You’ll be shown three different options: Text message, Authentication app and Security key. Select Authentication app. A QR code will be generated to create your 2FA code. After scanning the QR code, enter the six-digit number displayed in your app and you are done without giving your phone number for an inbound SMS with the code.