# Remove SMS from your 2-factor authentication

Twitter recently fixed their 2-factor authentication, allowing you to remove SMS (text) from the authentication methods. And you should take them up on the offer immediately. All it took was the Twitter CEO [getting hacked](https://www.zdnet.com/article/jack-dorseys-twitter-account-got-hacked/) by a [SIM-swap attack](https://blog.donbowman.ca/2018/01/24/data-breaches-its-the-risk-you-dont-expect-that-gets-you/).

Before you read on, I encourage you to head over to your [Twitter Two-Factor Authentication](https://twitter.com/settings/account/login_verification) screen and disable "Text message" as a method (relying on your TOTP application and your Security key).

OK, back? This is not just about Twitter. Yes I think it was a mistake to force SMS in the list as they used to do... but Twitter was, and is, still more secure than most sites out there which have **\*NO 2-Factor Authentication\*** at all. Your bank?

If its worth having a login, its worth having [2-factor](https://www.agilicus.com/apps-need-2-factor-auth/): something you know, and something you have. In an ideal world you login with [OpenID Connect](https://www.agilicus.com/project/federated-identity/) (OAUTH2) so the application has \***no password**\*, nothing to breach.

Now, I know you. You are saying "It's only Twitter, what harm can there be?". Well, in today's world, a hacker could cause World War III via Twitter. In an era where a US president makes policy proclamations via Twitter, and can cause the [stock of Boeing to drop](https://www.marketwatch.com/story/boeings-stock-drops-after-trump-tweet-to-cancel-air-force-one-order-2016-12-06) with 140 characters or less, yes, a false tweet from someone could cause a war. The morale of this is... the damage can always be worse than you think.

SMS is not secure. It was not designed to be. Remove it from your 2-factor authentication list now. Everywhere. Its better than nothing, but we deserve better than that.