Twitter this week announced that it allows users to enroll security keys and use them as the only form of two-factor authentication (2FA) to secure their accounts.
“Security keys offer the strongest protection for your Twitter account because they have built-in protections to ensure that even if a key is used on a phishing site, the information shared can’t be used to access your account,” Twitter explains.
Security keys rely on FIDO and WebAuthn security standards to ensure protection against account compromise attempts, Twitter says. Such keys can even differentiate between legitimate and malicious sites, thus blocking phishing attempts that other forms of 2FA can’t prevent.
Twitter first added security keys as a 2FA option in 2018, but only for Twitter.com, and only if another form of 2FA was also enabled. In 2019, the social platform allowed for the use of security keys without a phone number, thus looking to protect users against SIM-swapping attacks.
Starting last year, support for security keys was extended to iOS and Android too, and users were provided earlier this year with the ability to register multiple security keys to their Twitter account.
Now, users can employ those security keys as their sole 2FA method. Thus, those with one or multiple security keys enrolled need no other backup 2FA method to secure their Twitter accounts.
“We know this is important to people because not everyone is able to have a backup 2FA method or wants to share their phone number with us. With this update, we want everyone to feel empowered to enable security keys to better secure their Twitter account,” the company says.