Twitter has changed its security settings so that you can use Two-Factor Authentication (2FA) without having to tell your service about your telephone number. At that time, when Twitter relied on text messages when sending 2FA 6-digit codes, this requirement made more sense. Now it is possible to use an authentication application or security key, however, phone numbers are constantly being asked.
This is a very positive development of Twitter. Not only is SMS vulnerable to SIM switch attacks but Twitter has also recently admitted that “inadvertently” uses people’s phone numbers for promotional purposes. The authentication application is safer and you can use it without having to provide more personal information than you need.
We're also making it easier to secure your account with Two-Factor Authentication. Starting today, you can enroll in 2FA without a phone number. https://t.co/AxVB4QWFA1
— Twitter Safety (@TwitterSafety) November 21, 2019
However, the safest method of 2FA is to use a security key because you don’t have to enter a six-digit code that can be intercepted by complex hackers. Although Twitter supports this as a 2FA method, Twitter does not want to allow its users to fully rely on it. Responding to user complaints, Twitter technicians found that security keys outside Twitter are not currently supported on the network. Therefore, it continues to ask the user to activate the 2FA method differently than the backup.
If you have shared your telephone number with Twitter and want to delete it, navigate to the settings on the Twitter application or website, then click the Account menu. From here, tap your phone number and then select the delete option. If you currently use SMS as the 2FA method, you will be warned that deleting the SMS will disable it. Therefore, prepare an alternative 2FA method as an authentication application to use instead.