Twitter recently changed its security protocols and finally enabled two-factor authentication (2FA, for short) on the app. The new option replaces the previous SMS-based 2FA, which still required users to link their phone numbers to the app.
The change in Twitter’s 2FA protocol clearly serves as a reprieve for many Twitter users, especially since it eliminates the dangers of SIM card swapping attacks. For years, Twitter used SMS for its main two-factor authentication method, even when more viable authentication methods, including Google Authenticator and YubiKey, had been available.
The removal of SMS-based authentication also prevents the social media platform from sending target-specific advertisements to said phone numbers, even for those who declined to use the security method.
We're also making it easier to secure your account with Two-Factor Authentication. Starting today, you can enroll in 2FA without a phone number. https://t.co/AxVB4QWFA1
— Twitter Safety (@TwitterSafety) November 21, 2019
The change in authentication does carry a certain sense of irony. Earlier this year, Jack Dorsey, CEO of Twitter, became a victim of his own product, when his own account was hacked via the old SMS-based authentication process.
Since the publication of this article, the new 2FA authentication has gone live. However, TechCrunch reports that some users are still being asked to submit their phone numbers.