Security Experts:

Connect with us

Hi, what are you looking for?


Identity & Access

Twitter Enables Use of Security Keys as Sole Two-Factor Authentication Method

Twitter this week announced that it allows users to enroll security keys and use them as the only form of two-factor authentication (2FA) to secure their accounts.

Twitter this week announced that it allows users to enroll security keys and use them as the only form of two-factor authentication (2FA) to secure their accounts.

“Security keys offer the strongest protection for your Twitter account because they have built-in protections to ensure that even if a key is used on a phishing site, the information shared can’t be used to access your account,” Twitter explains.

Security keys rely on FIDO and WebAuthn security standards to ensure protection against account compromise attempts, Twitter says. Such keys can even differentiate between legitimate and malicious sites, thus blocking phishing attempts that other forms of 2FA can’t prevent.

Twitter first added security keys as a 2FA option in 2018, but only for, and only if another form of 2FA was also enabled. In 2019, the social platform allowed for the use of security keys without a phone number, thus looking to protect users against SIM-swapping attacks.

Starting last year, support for security keys was extended to iOS and Android too, and users were provided earlier this year with the ability to register multiple security keys to their Twitter account.

Now, users can employ those security keys as their sole 2FA method. Thus, those with one or multiple security keys enrolled need no other backup 2FA method to secure their Twitter accounts.

“We know this is important to people because not everyone is able to have a backup 2FA method or wants to share their phone number with us. With this update, we want everyone to feel empowered to enable security keys to better secure their Twitter account,” the company says.

Related: US Teen ‘Mastermind’ in Epic Twitter Hack Sentenced to Prison

Related: Twitter Shuts Down Four Networks of State-Sponsored Disinformation Accounts

Related: Twitter Hack: 24 Hours From Phishing Employees to Hijacking Accounts

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Computer maker Lenovo has started pushing security patches to address three vulnerabilities impacting the UEFI firmware of more than 110 laptop models.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...