Twitter has announced that users can use their security keys as the only form of two-factor authentication (2FA) on both mobile and web, which is the most effective way to keep the Twitter account secure.
In March, Twitter had said it would soon let people use a security key as their only two-factor authentication method.
Security keys are small devices that act like keys to your house. Just as you need a physical key to unlock the door to your home, you need a security key to unlock access to your account.
“Security keys offer the strongest protection for your Twitter account because they have built-in protections to ensure that even if a key is used on a phishing site, the information shared can’t be used to access your account,” Twitter said in a statement on Wednesday.
Security keys can differentiate legitimate sites from malicious ones and block phishing attempts that SMS or verification codes would not.
Twitter has long encouraged the use of some form of 2FA.
In 2018, it added the option to use security keys as one of several 2FA options.
However, this initial support only worked for Twitter.com, not the mobile app, and required accounts to have another form of 2FA enabled as well.
In 2019, it upgraded the security key support to use the latest WebAuthn standard, which provides an up-to-date and secure authentication method recognized across the web.
In 2020, the company made additional improvements by enabling support for iOS and Android security keys and the web.
Earlier this year, it added the ability to register multiple security keys on users’ Twitter accounts, allowing them to have backup security keys and making it easier for accounts managed by multiple people to enable 2FA with multiple security keys.
“Now we’re adding the option to use security keys as your sole 2FA method – meaning you can enroll one or more security keys as the only form of 2FA on your Twitter account without a backup 2FA method,” Twitter explained.
