Twitter just fixed a major problem with its security settings
It's time to change your Twitter security settings!
That's because the company is finally, finally fixing a major issue with its two-factor authentication security settings.
Twitter will now let users remove their phone number from their login verification settings, in a move that's already delighting security-nerd Twitter.
You May Also Like
This Tweet is currently unavailable. It might be loading or has been removed.
If you're not already familiar, two-factor authentication (2FA) adds an extra layer of security to your account so it's more difficult to hack. One common method is to use a phone number to receive SMS codes upon logging in, which are required in addition to your normal login credentials.
The issue with this is that text messages aren't very secure. And relying on SMS-based 2FA can have disastrous results when a determined hacker is involved, which is why most security experts recommend an app-based 2FA method like Google Authenticator. Otherwise, you're at risk of falling victim to SIM swapping, or a number of other creative methods hackers use to intercept text messages.
The problem for Twitter — and the reason why its 2FA has been widely criticized — is that up until now, the app still required users to opt into SMS security codes even when a third-party authentication app was enabled. Twitter has never publicly offered an explanation for this despite it being a major point of frustration for its security-minded users.
There's also the not-at-all-alarming fact that Twitter recently admitted it had "inadvertently" used people's 2FA phone numbers for ad targeting. (The company apologized and said it ended the practice.)
Luckily, Twitter users no longer have to worry about any of this. As of today, the company is updating its security settings so it's possible to use two-factor authentication without adding a phone number.
And, just in case it wasn't already completely obvious: Yes, you should absolutely change this setting right now.
Head to your login verification settings (also available here) and make sure that "text message" is unchecked. (A Twitter spokesperson confirmed that the feature is still rolling out, so if you get a notification that removing text messages will disable login verification, hang tight and try again a little later.) Then, you can delete your phone number in the "account" section of your settings.
Then, breathe a sigh of relief knowing that your account is now much harder to hack.
Topics Cybersecurity Social Media X/Twitter
Karissa was Mashable's Senior Tech Reporter, and is based in San Francisco. She covers social media platforms, Silicon Valley, and the many ways technology is changing our lives. Her work has also appeared in Wired, Macworld, Popular Mechanics, and The Wirecutter. In her free time, she enjoys snowboarding and watching too many cat videos on Instagram. Follow her on Twitter @karissabe.
