Twitter’s Two-Factor Authentication Now Uses the FIDO2 WebAuthn Protocol by Default

The social network had been relying on FIDO U2F for nearly one year


Twitter is switching its security key-based two-factor authentication from the FIDO U2F standard it has used for nearly one year to the FIDO2 WebAuthn protocol.

Software engineer Brian Wong said in a blog post that FIDO U2F only supported a limited number of browsers and authenticators, while WebAuthn has a wider range of support, complete with all of the phishing-resistant capabilities that security key-based 2FA provides.

He added that the WebAuthn web authentication standard is approved by the World Wide Web Consortium and has already been adopted by other tech industry leaders.

It enables strong browser-to-hardware-based authentication via devices including security keys, mobile phones and built-in authenticators such as Touch ID, exchanging user credentials using public key cryptography.

WebAuthn is also supported by most modern browsers, including Chrome, Edge and Firefox.

As of Thursday, WebAuthn is enabled by default, and it follows the same process people on Twitter used in the past when registering their security keys.
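The phishing resistance and public-key exchange mentioned above come down to a few checks the site runs on each sign-in assertion. The sketch below is an added example, not Twitter's code, and goes beyond the article by showing a subset of the WebAuthn verification steps in Node.js; the `login.example` origin, the look-alike domain and the `simulateAssertion` stand-in for a browser and security key are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Relying-party side: core checks on a WebAuthn assertion (a subset of the spec's steps).
function verifyAssertion({ clientDataJSON, authenticatorData, signature }, expected) {
  const clientData = JSON.parse(clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'bad-type';
  if (clientData.challenge !== expected.challenge) return 'bad-challenge';
  // The browser, not the page, fills in the origin, so a look-alike site cannot claim ours.
  if (clientData.origin !== expected.origin) return 'bad-origin';
  // authenticatorData layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes)
  if (authenticatorData.length < 37) return 'bad-authdata';
  if (!authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return 'bad-rpid';
  if ((authenticatorData[32] & 0x01) === 0) return 'user-not-present';
  // The signature covers authenticatorData || SHA-256(clientDataJSON).
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return crypto.verify('sha256', signed, expected.publicKey, signature) ? 'ok' : 'bad-signature';
}

// Constructed stand-in for browser + security key; it only produces sample input.
function simulateAssertion(privateKey, { origin, rpId, challenge }) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  const flagsAndCounter = Buffer.from([0x01, 0, 0, 0, 1]); // user present, signCount = 1
  const authenticatorData = Buffer.concat([sha256(rpId), flagsAndCounter]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
}

function demo() {
  const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const registered = newKey(); // public half stored by the site at registration
  const challenge = crypto.randomBytes(32).toString('base64url');
  const site = { origin: 'https://login.example', rpId: 'login.example' }; // hypothetical site
  const expected = { ...site, challenge, publicKey: registered.publicKey };
  const lookalike = { origin: 'https://login-example.test', rpId: 'login-example.test', challenge };
  const stale = { ...site, challenge: crypto.randomBytes(32).toString('base64url') };
  return {
    genuine: verifyAssertion(simulateAssertion(registered.privateKey, { ...site, challenge }), expected),
    // Worst case assumed: the same key signs on the look-alike origin; it is still rejected.
    phished: verifyAssertion(simulateAssertion(registered.privateKey, lookalike), expected),
    replayed: verifyAssertion(simulateAssertion(registered.privateKey, stale), expected),
    wrongKey: verifyAssertion(simulateAssertion(newKey().privateKey, { ...site, challenge }), expected),
  };
}

console.log(demo());
```

A production verifier would also track the signature counter and check the user-verification flag where policy requires it.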
