Twitter just announced that it will support two-factor authentication without a phone number. Until now, users had to add a phone number when enabling two-factor authentication, for back-up purposes. But it looks like a lot has changed since Twitter CEO Jack Dorsey’s Twitter account was hijacked just two months ago in what looked like a SIM-swapping attack.
Some users have been wary of adding their phone numbers to their Twitter accounts, as it is believed that these just end up in the hands of advertisers anyway, so this may come as a relief to such users and to privacy advocates.
That said, it’s not so straightforward to unlink your phone number from two-factor authentication. It looks like the update is for Twitter for Web users, which means that outside of the web, security keys aren’t supported. Jared Miller, a Twitter engineer, said: “We require you to have a second method along with security keys since the latter isn’t currently supported outside web. If you’d like to disable SMS, you need to also have a mobile security app. We know this might not be ideal but we’re going to keep working on it!”
This means that outside of the web, a user would also need a mobile security app. So don’t be surprised by this: the next time you set up two-factor authentication, you will have to choose two of the three options, namely SMS, authentication app and security key. For those who wish to unlink their phone numbers, the obvious choice is a combination of the authentication app and security key.
To do this, navigate to Account > Security > Phone and choose the “Delete phone number” option.