Twitter is planning a future update that will allow accounts enabled with two-factor authentication to use security keys as the only authentication method, the company said on Monday. At present, you can use a security key to sign in to your Twitter account, but you need to have another 2FA method — like an authenticator app or SMS codes — enabled as backup.
Twitter will soon let you use a security key as your only 2FA method
The company also said it will allow multiple security keys per account instead of just one
The company also said it will allow multiple security keys per account instead of just one
Illustration by Alex Castro / The Verge
While authentication apps like Google Authenticator or Authy are more secure than using SMS codes for 2FA, security keys — physical keys that connect to your computer using USB or Bluetooth — are the most secure way to protect an account online. Users don’t have to type in a code that could be intercepted by a malicious third party.
You connect the key, your browser issues a challenge, then the key cryptographically signs the challenge and verifies your identity. Another benefit of using a security key: users don’t have to give Twitter any additional personal information, such as a telephone number, to be able to log in to their accounts.
Twitter also said Monday it will allow multiple security keys on a single account; until today, it only allowed one key per account, in addition to the other 2FA methods. In December, Twitter announced it was adding support for security keys for 2FA-enabled accounts when users log in to its mobile apps.
A Twitter spokesperson said Monday there wasn’t a timeline for when security key-only 2FA would take effect.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
