Hire me

Two-Factor Authentication on Twitter without a Phone Number

I have had Two-Factor Authentication (2FA) enabled on Twitter for a long time.

When I enrolled in 2FA, Twitter supported it only via phone number - they required you to provide a trusted phone number where they’d send you SMS texts with the verification codes.

After the recent Twitter hack and the rumors that the hackers used a SIM swapping technique to hijack social media accounts, I felt the urge to check whether Twitter provided 2FA via an authenticator app or auth devices like Yubikey.

The good news is that they now do! It seems that they have been supporting alternative and more secure methods for a while and I totally missed it (so did you maybe?):

How to Enable It

You can setup 2FA by going to https://twitter.com/settings/account/login_verification

Twitter has a simple guide with instructions to enable 2FA (skip to To sign up via authentication app).

What the Heck is Two-Factor Authentication

For the ones who are not familiar with Two-Factor Authentication, here is the description from Twitter:

Two-factor authentication is an extra layer of security for your account. Instead of only entering a password to log in, you’ll also enter a code or use a security key. This additional step helps make sure that you, and only you, can access your account.

After you enable this feature, you will need your password, along with a secondary login method –– either a code, a login confirmation via an app, or a physical security key to log in to your account.

Enable 2FA and stay safe ✌️