Jim O’Leary on the Twitter blog:
This is a form of two-factor authentication. When you sign in to twitter.com, there’s a second check to make sure it’s really you. You’ll be asked to register a verified phone number and a confirmed email address.
In general this is awesome news and definitely a step into the right direction. The biggest issue though: Because it is currently only based on SMS, it doesn’t work everywhere.
And to add a little insult to injury: while trying to add your phone number, it shows a list of carriers – in my case in Germany, it’s E-Plus, O2, T-Mobile and Vodafone. But despite showing the carriers, I personally can confirm, that O2 doesn’t work. And I’ve heard that Vodafone or T-Mobile don’t work either. That said, I wouldn’t be surprised if it doesn’t work with E-Plus.
I’m surprised that Twitter didn’t launch with support for Google Authenticator, and as such, also with compatibility for other TOTP apps.