Twitter users now have the option to use security keys as their only form of two-factor authentication or 2FA, as a way to keep their Twitter account secure.
For the uninitiated, 2FA is an added layer of security that requires users to enter an extra piece of information, such as date of birth, to log in to an account, or to use a physical security key that only the user would hold. Physical security keys are the most effective form of 2FA, and Twitter has now enabled this functionality.
Security keys are small devices that act as keys to the house. Just as one would need a physical key to unlock the door to their home, a security key is needed to unlock access to an account. Security keys offer the strongest protection for a Twitter account because they have built-in protections to ensure that even if a key is used on a phishing site, the information shared can’t be used to access the account.
They use the FIDO and WebAuthn security standards to transfer the burden of protecting against phishing attempts from a human to a hardware device. Security keys can differentiate legitimate sites from malicious ones and block phishing attempts that SMS or verification codes would not.
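The sketch below is an added example, not Twitter's code. It shows the origin and relying-party ID checks a WebAuthn server applies to a sign-in assertion, which is what makes a response produced on a look-alike site useless. The origin, RP ID and phishing domain are assumed values, the sample assertions are constructed, and signature verification over these fields is left out.

```python
import base64
import hashlib
import json
import os

EXPECTED_ORIGIN = "https://twitter.com"   # assumed value for illustration
EXPECTED_RP_ID = "twitter.com"            # assumed value for illustration
FLAG_USER_PRESENT = 0x01                  # bit 0 of the authenticator flags byte


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_assertion(client_data_json: bytes, authenticator_data: bytes, challenge: bytes) -> list:
    """Return the names of the binding checks that failed (empty list = all passed)."""
    errors = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        errors.append("type")
    if client.get("challenge") != b64url(challenge):
        errors.append("challenge")
    # The browser, not the page, writes the origin into the client data.
    if client.get("origin") != EXPECTED_ORIGIN:
        errors.append("origin")
    # authenticatorData = rpIdHash (32 bytes) | flags (1) | signCount (4) | ...
    if len(authenticator_data) < 37:
        return errors + ["authenticator_data"]
    if authenticator_data[:32] != hashlib.sha256(EXPECTED_RP_ID.encode()).digest():
        errors.append("rp_id_hash")
    if not authenticator_data[32] & FLAG_USER_PRESENT:
        errors.append("user_present")
    return errors


def build_sample(origin: str, rp_id: str, challenge: bytes):
    """Constructed sample of what a browser and key produce for a page at `origin`."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([FLAG_USER_PRESENT]) + (1).to_bytes(4, "big")
    return client_data, auth_data


CHALLENGE = os.urandom(32)  # issued by the server for this sign-in attempt
genuine = check_assertion(*build_sample("https://twitter.com", "twitter.com", CHALLENGE), CHALLENGE)
# A look-alike page relays the real challenge, but the origin and RP ID are its own.
phished = check_assertion(*build_sample("https://twitter-login.example", "twitter-login.example", CHALLENGE), CHALLENGE)
print("genuine:", genuine)
print("phished:", phished)
```

Because the key signs the authenticator data together with a hash of the client data, neither field can be rewritten after the fact without invalidating the signature.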
In 2018, Twitter added the option to use security keys as one of several 2FA options. However, this initial support only worked for Twitter.com, not the mobile app, and required accounts to have another form of 2FA enabled as well.
In 2019, Twitter upgraded its security key support to use the latest WebAuthn standard, which provides a secure authentication method recognized across the web. The platform also enabled the ability to use 2FA on a Twitter account without requiring a phone number, allowing people to protect their accounts from SIM-swapping attacks and opening up 2FA to more people.
In 2020, Twitter made additional improvements by enabling support for security keys on iOS and Android, in addition to the web. And earlier this year, it added the ability to register multiple security keys on a Twitter account, allowing users to have backup security keys and making it easier for accounts managed by multiple people to enable 2FA with multiple security keys.
Now that the option to use security keys as the sole 2FA method has been added, users can enroll one or more security keys as the only form of 2FA on their Twitter account, without a backup 2FA method. Twitter says it will continue to make updates and improvements to the ways users can keep their Twitter accounts secure.