Twitter plans a future update that will allow two-factor authentication-enabled accounts to use security keys as the only authentication method, the company said Monday. Right now, you can use a security key to sign in to your Twitter account, but you’ll need to have another 2FA method – such as an authentication app or SMS codes – as a backup.
While authentication programs like Google Authenticator or Authy are more secure than using 2FA SMS codes, security keys – physical keys that connect to your computer via USB or Bluetooth – are the most secure way to secure an account online. Users do not have to enter a code that can be intercepted by a malicious third party.
You connect the key, your browser sets a challenge, then the key draws the challenge cryptographically and confirms your identity. Another benefit of using a security key: users do not have to provide additional personal information, such as a phone number, to Twitter to log in to their accounts.
Secure your account (and that alt) with multiple security keys. Now you can sign in and sign up with more than one physical key on both mobile and web.
And soon: the option to add and use security keys as your only authentication method, without any other method enabled.
– Twitter Support (@ Twitter Twitter) 15 March 2021
Twitter also said Monday that it allows multiple security keys on one account; to date, only one key per account has been allowed, in addition to the other 2FA methods. In December, Twitter announced that this was the case add support for security keys for 2FA-enabled accounts when users log in to their mobile applications.
A Twitter spokesman said Monday there was no timeline for when the only security key 2FA would take effect.