The microblogging site announced a feature to use a security key as the only two-factor authentication method.
Twitter To Let Users Set Security Key As Only Two-Factor Authentication Method
WASHINGTON — Microblogging site Twitter launched a new feature that uses security keys as the only method of two-factor authentication (2FA) on its web and mobile logins to improve security for users’ accounts.
“Twitter has long encouraged the use of some form of 2FA. In 2018, we added the option to use security keys as one of several 2FA options,” the company said in a blog post.
“However, this initial support only worked for Twitter.com, not the mobile app, and required accounts to have another form of 2FA enabled as well. We know this is important to people because not everyone can have a backup 2FA method or wants to share their phone number with us.”
“Today, we’re adding the option to use security keys as your sole 2FA method — meaning you can enroll one or more security keys as the only form of 2FA on your Twitter account without a backup 2FA method,” Twitter said in the statement.
Twitter said that users would have to enter a code or a security key to access the account along with entering passwords. Once this feature is enabled, the user will need a secondary login method, either a code, a login confirmation via an app, a physical security key, and the login password to access the account.
Twitter also released a set of instructions for users to understand how to use the two-factor authentication.
Physical security keys have advantages over other two-factor methods like an authenticator app or Short Message Service (SMS) because they do not rely on a code that a bad server could intercept.
Twitter’s Security tweeted: “What’s the best way to protect your Twitter account from phishing and other attacks? Use a security key!”
In recent years, Twitter has added several features to beef up login security. The company expanded beyond SMS in 2017 by adding support for authentication apps like Google Authenticator and Authy.
In 2019, Twitter let users enable two-factor authentication without providing their phone numbers, given that SMS can be vulnerable to SIM-swapping attacks.
In 2020, Twitter introduced the feature of enabling support for security keys for iOS and Android users. In 2021, the platform launched the feature of enabling multiple security keys for users’ accounts, giving them the option of having backup security keys to be managed by multiple people if needed.
(With inputs from ANI)
(Edited by Abinaya Vijayaraghavan and Praveen Pramod Tewari)