Twitter adds physical security keys for two-factor authentication

Share the joy

Twitter has added the option to use physical security keys as the only form of two-factor authentication (2FA) for its users. It offers an extra layer to protect user accounts from hackers.

twitter physical security keys
Photo by Brett Jordan on

Physical security keys often plug into the USB port of a computer. Some of them connect to a mobile device via Bluetooth or near-field communication (NFC).

“Security keys offer the strongest protection for your Twitter account because they have built-in protections to ensure that even if a key is used on a phishing site, the information shared can’t be used to access your account,” says, Andy Sayler, senior security engineer at Twitter.

Physical security keys use WebAuthn and FIDO security standards. They know which sites are legitimate or malicious. They also block phishing attempts or spam that SMS or verification codes could not.

The added protection layer comes amid cyberattacks on governments and companies.

A series of unfortunate hacking events

In May, a ransomware attack shut down the Colonial Pipeline. This is the biggest pipeline in the US for refined oil products. The incident led to temporary shortages in several states.

Later that month, meat supplier JBS fell victim to a ransomware attack that spilled over to farmers and restaurants, and disrupted the food supply.

Last year, hackers attacked Twitter itself. They grabbed high-profile accounts from the likes of POTUS Joe Biden, Kim Kardashian West, Uber, and Apple. Hackers tricked Twitter employees to provide their login info to a phishing site.

Over the years, the micro-blogging site has urged its users to enable two-factor authentication.

In 2018, it added the use of security keys on the site. It did not include the mobile app, though.

In 2019, Twitter upgraded its security key support using an updated WebAuthn standard. It enabled two-factor authentication on Twitter account without needing a phone number. It protected users from SIM-swapping attacks.

Last year, Twitter started supporting security keys on Android and iOS devices.

This year, it allowed users to register several security keys on their accounts. It allowed users to have backup security keys. And it helped multi-user accounts to use two-factor authentication with multiple security keys.

If you are uncomfortable in sharing your phone number with Twitter, or have no backup method of two-factor authentication, you can use security keys as your only method to protect your account.

Share the joy

Author: Francis Rey

Francis is a voracious reader and prolific writer. He has been writing about social media and technology for more than 10 years. During off hours, he relishes moments with his wife and daughter.

Share This Post On