INSUBCONTINENT EXCLUSIVE:
Two-factor authentication is good! SMS-based two-factor authentication? Not the best option
After countless tales of people having their phone numbers and inbound SMS hijacked by way of SIM swapping, it clear that SMS just isn&t the
right solution for sending people secondary login codes.
And yet, for many years, it been the mandatory go-to on Twitter
You could switch to another option later (like Google Authenticator, or a physical Yubikey) — but to turn it on in the first place, you
were locked into giving Twitter a phone number and using SMS.
Twitter is getting around to fixing this, at long last
The Twitter Safety team announced that you&ll be able to enable two-factor authentication without the need for a phone number, starting
sometime today.
This news comes just a few months after Jack Dorsey own Twitter account was hacked (seemingly by way of a SIM swap) and a
few weeks after Twitter had to admit it was using phone numbers provided during the two-factor setup process for serving targeted
ads.
We're also making it easier to secure your account with Two-Factor Authentication
Starting today, you can enroll in 2FA without a phone number
https://t.co/AxVB4QWFA1
— Twitter Safety (@TwitterSafety) November 21, 2019
Some users are reporting that the setup process still
requests a phone number, so it seems like this change is being rolled out rather than launching for everyone immediately.
