Twitter lets users set security key as only two-factor authentication method

Twitter now allows users to use a security key as the only two-factor authentication mechanism on both mobile and web.


Microblogging site Twitter announced that users can now utilize security keys as their only method of two-factor authentication (2FA), which is believed to be the “most effective” approach to keep their accounts secure. 2FA in any form is beneficial and recommended, according to Twitter, though physical security keys are the most effective. These are small devices that work much like house keys.

Third-party keys can be used to enable this approach on PCs. The keys provide the best protection for a Twitter account since they contain built-in safeguards that ensure that even if a key is used on a phishing site, the information given cannot be used to access the account. The keys employ the FIDO and WebAuthn security standards to shift the burden of phishing protection from a human to a physical device. The keys can help distinguish between legitimate and malicious websites and prevent phishing attempts that SMS or verification codes cannot.
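To make the phishing safeguard concrete, here is an added example (not Twitter's code) of the checks a WebAuthn relying party runs on a login response: the browser records the origin the user was really on, and the key binds its response to a hash of the site's RP ID. The `example.com` origin and RP ID, the fixed challenge and the `sample()` helper are assumptions for illustration; verifying the key's signature over this data is a separate step not shown.

```python
import base64, hashlib, hmac, json, struct

EXPECTED_ORIGIN = "https://example.com"  # assumption: the legitimate site's origin
EXPECTED_RP_ID = "example.com"           # assumption: its WebAuthn RP ID
CHALLENGE = b"\x01" * 32                 # constructed; real servers use fresh random bytes

def b64url(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def check_assertion(client_data_json: bytes, auth_data: bytes, challenge: bytes) -> list:
    """Return the names of failed relying-party checks (empty list = all passed)."""
    errors = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        errors.append("type")
    # The challenge must be the one this server issued for this login attempt.
    sent = str(client.get("challenge", "")).encode()
    if not hmac.compare_digest(sent, b64url(challenge)):
        errors.append("challenge")
    # The browser, not the page, fills in the origin the user was actually on.
    if client.get("origin") != EXPECTED_ORIGIN:
        errors.append("origin")
    if len(auth_data) < 37:
        return errors + ["authData length"]
    rp_id_hash, flags, _sign_count = struct.unpack(">32sBI", auth_data[:37])
    # Authenticator data starts with SHA-256(RP ID) of the site that was asked for.
    if not hmac.compare_digest(rp_id_hash, hashlib.sha256(EXPECTED_RP_ID.encode()).digest()):
        errors.append("rpIdHash")
    if not flags & 0x01:  # UP bit: the user touched the key
        errors.append("user presence")
    return errors

def sample(origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for what a browser and security key would return."""
    cdj = json.dumps({"type": "webauthn.get", "origin": origin,
                      "challenge": b64url(challenge).decode()}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([0x01]) + struct.pack(">I", 7)
    return cdj, auth

if __name__ == "__main__":
    print(check_assertion(*sample("https://example.com", "example.com", CHALLENGE), CHALLENGE))
    print(check_assertion(*sample("https://examp1e.com", "examp1e.com", CHALLENGE), CHALLENGE))
```

A response produced on the look-alike origin fails both the origin and RP ID hash checks, so relaying it to the real site does not log anyone in.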

To enable 2FA with security keys, open the Twitter app > Settings and Privacy > Account > Security > Two-factor Authentication > Enable Security key.

Back in March, the site revealed that it was working on bringing the enhanced 2FA with a security key option to the platform. The most recent advancement was announced via a microblogging platform post. Hardware security keys are made by companies like Yubikey, Google, and Feitian. They usually link to a computer through USB, although some models also employ NFC or Bluetooth radio connectivity. The U2F protocols developed by the FIDO Alliance are used by the majority of these devices. U2F is an open authentication standard that allows internet users to safely access a variety of online services with a single security key and no client software or drivers.

Twitter and the evolution of 2FA over the years

In 2017, the company added support for authentication apps like Google Authenticator and Authy, in addition to SMS. It now allows you to establish two-factor authentication without providing your phone number, which is a welcome change considering the vulnerability of SMS to SIM-swapping attacks (like the one that led to CEO Jack Dorsey losing control of his account for about an hour and a half).

It has long promoted the adoption of two-factor authentication. In 2018, security keys became one of its several 2FA options. This early functionality, however, was only available on its website, not the mobile app, and required accounts to have another type of 2FA activated, such as Google Authenticator.

The platform’s security key support was enhanced in 2019 to use the current WebAuthn standard, which provides a safe and up-to-date authentication method that is recognized across many websites. It made more changes last year by providing security keys support on iOS and Android in addition to the web.

It also provided the ability to register several security keys on an account earlier this year, although users still needed to have another type of 2FA activated.

Need for Two Factor Authentication

The ability to use a security key as one of your two-factor authentication methods isn’t new, but you can now make it the only one if you want to. Physical security keys have a benefit over other two-factor solutions like an authenticator app or SMS because they don’t rely on a code that could be intercepted by a bad actor.

For those unaware, these are small devices that hold authentication codes for apps and websites. No one will be able to access your accounts unless they have access to this physical key. With iOS 13.3, Apple has added support for physical security keys, which can be used with compatible devices via the Lightning/USB-C connector or even NFC.

The new functionality is now available in Twitter’s iOS and Android apps, as well as on the website, according to the company.
