Twitter Users No Longer Need Phone Numbers to Use Two-Factor Authentication

The social network updated its login process to support WebAuthn

Two-factor authentication is used to add an extra layer of security when users login to accounts zimmytws/iStock

Twitter users can now secure their accounts with two-factor authentication without being required to supply a mobile phone number.

The social network said in late May that it was switching its security key-based two-factor authentication from the FIDO U2F standard it had been using for nearly one year to the FIDO2 WebAuthn protocol.

Software engineer Brian Wong said in a blog post at the time that WebAuthn enables strong browser-to-hardware-based authentication via devices including security keys, mobile phones and built-in authenticators such as Touch ID, exchanging user credentials using public key cryptography, and it is supported by most modern browsers, including Chrome, Edge and Firefox.

Twitter said in a Twitter Safety tweet Thursday that it updated its login process to support WebAuthn, so that users can authenticate their logins with a single tap and without a phone number.

Product lead Kayvon Beykpour added in a tweet of his own, “Another key update today: You can now use two-factor authentication without linking a phone number. If you already have your phone number linked along with application-based 2FA, you can unlink it in the account section of your settings while still keeping 2FA on.”

Two-factor authentication is used to add an extra layer of security when users login to accounts, but many 2FA solutions rely on text messaging, which has proven to be prone to hacks.

After CEO Jack Dorsey’s Twitter account was hacked in late August, the social network responded in early September by halting users’ ability to tweet via SMS. David Cohen is editor of Adweek's Social Pro Daily.