Twitter Users Finally Offered 2FA Account Security Options Other Than SMS

Twitter has recently announced a major update in their system that may bring a sigh of relief for some users. Reportedly, Twitter removed its limitation for SMS-based 2FA method and provided alternate options.

Twitter Relieves SMS-Based 2FA Limitation

Twitter has recently announced a change with its user verification methods. As disclosed in a recent tweet, Twitter now relieves users of the outdated SMS-based 2FA limitation. They can now enable two-factor authentication even without a phone number.

Previously, in fact, right before this announcement, SMS-based verification was the only method supported by Twitter for two-factor authentication. And, to use this method, users should have to register their mobile phone numbers with Twitter.

This strategy posed a threat to the security and integrity of Twitter accounts owing to the risks associated with phone numbers, such as SIM swapping.

This is the same method that triggered the hacking of Jack Dorsey’s Twitter account via SIM swapping a few months ago. Moreover, this method has also caused numerous other high-profile account hacks as well.

Though, the users could enable the use of a security key for authentication. They still needed to have SMS-based 2FA enabled. Hence, the security risks still posed threat to the accounts.

However, after Jack-Dorsey’s account hacking incident, it seems Twitter took the matter seriously to come up with an alternative.

Twitter have also confessed in the previous month about the ‘inadvertent’ use of users’ 2FA numbers for ad targeting. Perhaps, this might be another reason contributing to the new decision.

Some Bugs Still Need Attention

While the new 2FA policy has been announced, some users are still facing trouble in fully availing this functionality. As highlighted by a user in response to Twitter’s announcement, the account still requires phone number registration.

Though, a software engineer at Twitter, Jared Miller, swiftly elaborated on the matter.

So, for now, the new feature is in the testing phase. Therefore, the users eager to get rid of this phone number restriction shall have to wait for a few days before the feature becomes fully functional.

Let us know your thoughts in the comments.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil