Twitter is finally rolling out a new security feature to enable two-factor authentication (2FA) where users do not require to give their phone number and inbound SMS with login codes back to the micro-blogging platform.
Several people have reported in the past that their phone numbers and inbound SMSes were hijacked by a method called SIM swapping.
The Twitter Safety team announced that users will be able to enable two-factor authentication without the need for a phone number.
"We want to give you the most secure experience on Twitter. Today, we updated our login process to support WebAuthn for an enhanced Two-Factor Authentication (2FA), so you can easily and securely authenticate your login with a single tap," said the company in a tweet.
The move comes after CEO Jack Dorsey's own Twitter account was hacked recently.
The micro-blogging platform later said that it secured Dorsey's account which became a victim of 'SIM swapping' or 'SIM jacking' where a mobile number is transferred to a new SIM card.
By taking control of Dorsey's number, hackers posted tweets via text messages on his Twitter account. The phone number associated with the account was compromised due to a security oversight by the mobile provider.
Two-factor authentication adds an extra layer of security to your online accounts by requiring a six-digit number after you've entered the correct password for your account.
Here's what you need to do:
Visit the Account section of your account on Twitter.com. With the Account tab selected, click on Security. Next, click on Two-factor authentication. You'll be shown three different options: Text message, Authentication app and Security key.
Select Authentication app.
A QR code will be generated to create your 2FA code. After scanning the QR code, enter the six-digit number displayed in your app and you are done without giving your phone number for an inbound SMS with the code.