Twitter only allows security key hardware for two-factor authentication. Twitter has said that it will soon only allow you to use a security key as your two-factor authentication method. On Wednesday, it announced that the feature is rolling out to both mobile and web.
Being able to use a security key as one of your two-factor authentication methods is nothing new, but users will be able to use it alone if they wish. Physical security keys have advantages over other two-factor methods such as an authentication application or SMS because they do not rely on code that a malicious person or party can intercept.
Secure your account (and that alt) with multiple security keys. Now you can enroll and log in with more than one physical key on both mobile and web.
And coming soon: the option to add and use security keys as your only authentication method, without any other methods turned on.
— Twitter Support (@TwitterSupport) March 15, 2021
In recent years, Twitter has added a number of features to improve login security. The company went beyond SMS by adding support for authentication apps like Google Authenticator and Authy in 2017. In 2019, it allowed you to enable two-factor authentication without providing your phone number.
This was hailed as a positive change, given that SMS may be vulnerable to SIM swapping attacks. In a similar attack, someone else took control of CEO Jack Dorsey’s account for about an hour and a half.