Twitter no longer supports Google Voice numbers for 2FA

As of last week, Twitter looks to have dropped support for text message two-factor authentication (2FA) using Google Voice numbers.

When the change was first implemented last week, there was no real error message after entering your username/email and password during Twitter sign in (like when setting up new devices). Users were left with a blank box on the screen that did not explain what was happening.

Fortunately, if you were already logged in on another device, you could turn off “Text message” 2FA from Settings > Security and account access > Security > Two-factor authentication (assuming you had other methods enabled, and proceed with using Twitter).

From various reports on our team, it’s clear that the commonality in those 2FA sign-in failures is the use of Google Voice. In testing today, trying to re-enable a Voice number for 2FA results in the following error: “We cannot currently register this phone number.”

After removing that number from an account and trying to re-add it, Twitter says: “This phone number can’t be registered. Try signing up with email instead.” Everything worked normally with a regular carrier number. Twitter should do a better job with error messages.

Meanwhile, Google Voice no longer being supported for Twitter 2FA could be part of the company’s battle with bot accounts on the platform. CEO Elon Musk has said that’s a big focus, while reporting from Platformer has detailed how an initial effort to stomp out spam backfired:

But rather than work to remove individual offenders, the company identified mobile networks associated with large spam networks in specific countries, and blocked users who relied on those networks from receiving SMS messages from Twitter, impacting people with two-factor authentication. Then it blocked traffic from those carriers completely.

Meanwhile, Musk on Twitter Spaces last night said:

Basically there are telcos who are not being super honest out there, in other parts of the world, who were basically gaming the system. And running like two-factor authentication SMS texts over and over again, and just creating a zillion bot accounts to literally run up the tab so that Twitter would SMS text them. Twitter would just pay them millions of dollars.