Twitter finally makes an important security change that helps everyone

Here's everything you need to know about the change to two-factor authentication codes.

Jason Cipriani
Jason Cipriani
Jason Cipriani Contributing Writer, ZDNet
Jason Cipriani is based out of beautiful Colorado and has been covering mobile technology news and reviewing the latest gadgets for the last six years. His work can also be found on sister site CNET in the How To section, as well as across several more online publications.
Jason Cipriani
3 min read

Twitter is making it possible to use 2FA without a phone number. 

Angela Lang/CNET

Twitter recently announced that users can disable SMS-based two-factor authentication, a requirement the company has held onto despite the increased security risk of receiving 2FA codes via SMS.

Two-factor authentication, widely considered a best practice when it comes to keeping your online accounts secure, adds an extra layer of security to your online accounts by requiring a six-digit number after you've entered the correct password for your account. Originally, two-factor codes were delivered primarily via text message, but that's proven to be problematic. For example, Twitter CEO Jack Dorsey's account was hacked in August. 

The person(s) who had control of his account posted hateful messages before they were deleted. They were able to gain access to his account and get around two-factor authentication by switching the SIM card linked to his phone number and then receiving the SMS two-factor authentication code in a practice commonly referred to as SIM swapping. 

With Twitter dropping the requirement, you can now opt to receive its 2FA codes strictly through third-party apps or a dedicated security key. Not only is this more secure, but you'll also be able to access your codes even if your phone can't receive text messages, like on a long flight. If you already have 2FA enabled on your Twitter account, or you've been holding out until the company ditched the SMS requirement, here's what you need to know.

Watch this: Twitter lets you hide replies, Google makes it easier to get movie tickets

Set up 2FA for your Twitter account

If you haven't taken the time to set up two-factor authentication for your Twitter account, now is as good a time as any. It only adds a few seconds to the login process, but goes a long way toward keeping your account secure. We're going to cover setting up 2FA with an authentication app like Google Authenticator or 1Password. If you aren't sure which app to use, we have a guide of the top password managers, most of which include authentication features. 


You're no longer required to leave text message 2FA codes turned on. 

Screenshot by Jason Cipriani/CNET

Here's what you need to do:

  1. Visit the Account section of your account on Twitter.com.
  2. With the Account tab selected, click on Security.
  3. Next, click on Two-factor authentication.
  4. You'll be shown three different options: Text message, Authentication app and Security key. Select Authentication app.

The rest of the process will vary depending on which app you're using but generally consists of scanning a QR code created by Google that will allow the app to create your 2FA codes. After scanning the QR code, you'll be asked to enter the six-digit number displayed in your app to verify it's set up correctly. 

Going forward, anytime you log into your Twitter account, you'll be asked for your 2FA code after entering your password. Again, it adds a couple of seconds to the process, but it's worth it. 


Ditch the text message codes. You're safer for doing so.

Jason Cipriani/CNET

Stop Twitter from sending text message 2FA codes

If you already have two-factor authentication set up on your account and use an authenticator app, it's a good idea to disable text message codes. This will prevent the possibility of someone gaining access to your account via SIM swapping. 

Here's what you need to do:

  1. Visit the Account section of your account on Twitter.com.
  2. With the Account tab selected, click on Security.
  3. Next, click on Two-factor authentication.
  4. Remove the checkmark in the box next to Text message, and accept the change if prompted.

Twitter isn't the only website that uses 2FAAppleGoogle and Facebook each offer the added layer of security. Even Fortnite has 2FA. Remember, the added layer of security is for your own protection, and yes, it's a slight inconvenience, but at the end of the day that's far less than the amount of time and headaches you'll have to deal with if someone gains access to your accounts.