Twitter is planning a future update that will allow accounts enabled with two-factor authentication to use security keys as the only authentication method, the company said on Monday. You can currently use a security key to log into your Twitter account, but you need to have another 2FA method – such as an authenticator app or SMS codes – enabled as a backup.
While authentication apps like Google Authenticator or Authy are more secure than using SMS codes for 2FA, security keys – physical keys that connect to your computer using USB or Bluetooth – are the most secure way to secure an online account. Users are not required to enter code that can be intercepted by malicious third parties.
You connect the key, your browser issues a challenge, then the key cryptographically signs the challenge and verifies your identity. Another benefit of using a security key: users do not need to provide Twitter with any additional personal information, such as a phone number, in order to log into their accounts.
Protect your account (and that alt) with several security keys. Now you can sign up and log in with more than one physical key on your phone and on the web.
And soon: the option to add and use security keys as your only authentication method, with no other method enabled.
– Twitter support (@TwitterSupport) March 15, 2021
Twitter also said on Monday that it will allow multiple security keys on a single account; until today, it only allowed one key per account, in addition to the other 2FA methods. In December, Twitter announced that it was adding support for security keys for 2FA-enabled accounts when users sign in to their mobile apps.
A Twitter spokesman said on Monday that there was no deadline for when the key-only security 2FA would take effect.