https://thenextweb.com/security/2019/11/22/psa-twitter-finally-ditches-sms-for-two-factor-authentication/

Twitter has finally done the impossible: it’s allowing users to enroll for its two-factor authentication (2FA) program without requiring a phone number. What’s more, it’s also providing an option to disable SMS-based 2FA, which is known to be flawed and insecure.

The decoupling comes in the wake of revelations that the social blogging platform “accidentally” targeted ads at some users by way of their email addresses and phone numbers, which they provided only for account security purposes.