Twitter has announced that users now have the option to use security keys as their only form of two-factor authentication (2FA), which is said to be the “most effective" way to keep the Twitter account secure. Twitter notes that 2FA in any form is useful and recommended, though physical security keys are the most effective. Security keys are small devices that act as keys to your house. PCs can use third-party keys to enable this method. Twitter further adds that security keys offer the strongest protections for the Twitter account because they have built-in protections to ensure that even if a key is used on a phishing site, the information shared can’t be used to access the account. The keys use the FIDO and WebAuthn security standards to transfer the burden of protecting against phishing attempts from a human to a hardware device. Security keys can also differentiate legitimate sites from malicious ones and block phishing attempts that SMS or verification codes would not. To enable 2FA with security keys, open the Twitter app > Settings and Privacy > Account > Security > Two-factor Authentication > Enable Security key.
Twitter first announced that it is working to bring the upgraded 2FA with a security key-option back in March. The latest development was shared in a post on the micro-blogging platform. Companies including Yubikey, Google and Feitian make hardware security keys. They typically connect by plugging into a USB port, but some models use NFC or Bluetooth radio communications. Most of these devices are based on protocols set by FIDO Alliance’s U2F. It is an open authentication standard that enables internet users to securely access any number of online services with one single security key instantly and with no drivers or client software needed.
Now security keys can be your one and only two-factor authentication method on mobile and web.Learn more about how security keys can protect your account from attacks: https://t.co/Ta7uQSFhi6 pic.twitter.com/aPDOnbRtVk
— Twitter Support (@TwitterSupport) June 30, 2021
Twitter has long encouraged the use of some form of 2FA. In 2018, it added the option to use security keys as one of several 2FA options. However, this initial support only worked for the Twitter website, not the mobile app, and required accounts to have another form of 2FA enabled say via Google Authenticator. In 2019, the platform upgraded the security key support to use the latest WebAuthn standard, which provides an up-to-date and secure authentication method recognised across multiple websites. Last year, Twitter made additional improvements by enabling support for security keys on iOS and Android, in addition to the web. And earlier this year, it added the ability to register multiple security keys on the Twitter account though it still required users to another form of 2FA enabled.