Twitter users can now use security keys as their only 2FA method

Twitter has announced a new feature for the privacy of its users. Starting today, users will have the option to use security keys as their only form of two-factor authentication (2FA) to log into an account. This will make it harder for unauthorised parties to bypass 2FA using the verification code from your email or SMS, and get into your Twitter account.

“While any form of 2FA is better than no 2FA, physical security keys are the most effective,” Twitter said in a blog post. Security keys offer the strongest protection for your Twitter account because they have built-in protections to ensure that even if a key is used on a phishing site, the information shared can’t be used to access your account,” it adds.

What are hardware security keys?

Hardware security keys are physical devices that users can use to authenticate certain apps and services. They can be USB-based keys, that look like a flash drive and can come with USB-A, or USB-C ends, or they can even be NFC-based security keys.

Compared to passwords, hardware security keys are much easier to set up and convenient to use. They work by authenticating apps like Twitter (similar to how an actual key would work) whenever they are connected to the phone or PC in question. There are different kinds of security keys.

Security keys use the FIDO and WebAuthn security standards to let a hardware device deal with phishing websites so that users don’t have to. Security keys can also differentiate legit websites from others that may simply be posing as authentic websites. They also help block phishing attempts, that SMS or verification codes would not.

The ability to use security keys as your 2FA method was added by the micro-blogging platform back in 2018. While the initial support was only for the Twitter website, the feature made its way to the mobile app later as well in 2020.