Twitter Lets Users Opt for Security Keys as Their Sole Form of Two-Factor Authentication

The social network enabled the use of multiple physical security keys in March

Twitter is now allowing users to opt for security keys as their only form of two-factor authentication.

The social network said in a blog post that users can now enroll one or more security keys as their sole 2FA method, recognizing that not everyone is able to use a backup 2FA method or willing to share their phone number with Twitter.


Twitter added the option for people to use security keys as one of several 2FA options in 2018, but it only worked for the desktop site, not its mobile applications, and users were required to have another form of 2FA enabled.

The social network upgraded its security key support to the WebAuthn standard in 2019, removing the requirement for a phone number later that year.

The use of security keys was extended to Android and iOS last December, and the social network enabled the use of multiple security keys in March.

Twitter engineer Abbas Ali Haji and staff security engineer Andy Sayler explained in a blog post, “While any form of 2FA is better than no 2FA, physical security keys are the most effective. Security keys are small devices that act like keys to your house. Just as you need a physical key to unlock the door to your home, you need a security key to unlock access to your account. Security keys offer the strongest protection for your Twitter account because they have built-in protections to ensure that even if a key is used on a phishing site, the information shared can’t be used to access your account. They use the FIDO and WebAuthn security standards to transfer the burden of protecting against phishing attempts from a human to a hardware device. Security keys can differentiate legitimate sites from malicious ones and block phishing attempts that SMS or verification codes would not.”
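The phishing resistance described in the quote comes from WebAuthn binding each login response to the site that requested it. The sketch below is an added example, not Twitter's code: it shows the binding checks a relying party runs on an assertion, with `example.com`, the phishing origin, and the helper names all assumed for illustration, and with signature verification left out.

```python
import base64, hashlib, hmac, json

RP_ID = "example.com"                    # assumed relying-party ID
EXPECTED_ORIGIN = "https://example.com"  # assumed legitimate origin

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_assertion(origin, rp_id, challenge):
    """Constructed sample: what browser and key emit for a given page origin."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    # authenticatorData = rpIdHash (32 bytes) | flags (1) | signCount (4)
    flags = bytes([0x01])  # bit 0 = user present
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + (7).to_bytes(4, "big")
    return client_data, auth_data

def check_binding(client_data, auth_data, challenge):
    """Return the names of failed checks; an empty list means the binding holds.
    Verifying the key's signature over auth_data || SHA-256(client_data) is
    omitted here; it is what prevents these fields from being rewritten."""
    errors = []
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        errors.append("type")
    if cd.get("challenge") != b64url(challenge):
        errors.append("challenge")      # stale or replayed response
    if cd.get("origin") != EXPECTED_ORIGIN:
        errors.append("origin")         # browser recorded a different site
    if len(auth_data) < 37:
        return errors + ["authData length"]
    expected_hash = hashlib.sha256(RP_ID.encode()).digest()
    if not hmac.compare_digest(auth_data[:32], expected_hash):
        errors.append("rpIdHash")       # key was scoped to another domain
    if not auth_data[32] & 0x01:
        errors.append("user presence")
    return errors

if __name__ == "__main__":
    ch = b"\x01" * 32
    print(check_binding(*make_assertion(EXPECTED_ORIGIN, RP_ID, ch), ch))
    # Response produced on a look-alike site (constructed .test domain)
    print(check_binding(*make_assertion("https://example-login.test",
                                        "example-login.test", ch), ch))
```

Because the browser, not the user, fills in the origin and the key hashes the RP ID into the signed data, a response collected on a look-alike domain fails both checks at the real site.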