Twitter now lets security keys be sole 2FA

Two-factor authentication (2FA) is something we should normalize for apps that are prone to hacks and attacks. Twitter has always encouraged users to turn on 2FA to keep their accounts secure, and there are several ways to enable it. Security keys are probably the most secure of those ways, but Twitter still required users to have a second form of 2FA enabled, which was more often than not their mobile number. Now Twitter is finally letting security keys be your sole 2FA method.

Sending a code to your mobile number is the most common 2FA method but not the most secure. It is vulnerable to phishing attacks, hacking, etc., and it is also not ideal for those who do not want to share their mobile numbers with the app or the company. So the fact that Twitter still required another form of 2FA even if you had already enabled security keys was a pain. But now, those who own security keys, who are most likely serious about security, can finally rest easy, at least when it comes to Twitter.

Twitter posted that security keys “can be your one and only” 2FA on both mobile and web. For those who are not familiar with security keys, they are physical devices that you use to “enter” a digital space with 2FA. They support security standards like FIDO and WebAuthn, whose protocols are designed to keep phishing attempts from succeeding. They can differentiate between legitimate sites and malicious ones, so an attempt made through a malicious site is stopped.
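How a site can tell that a WebAuthn sign-in was produced for it and not for a lookalike, as an added example that is not from Twitter or the original article. The site names, the challenge value and the function names are constructed for illustration, and signature verification is left out to keep the focus on the site-binding checks.

```javascript
// Added example: relying-party checks that bind a WebAuthn assertion to one site.
// A full verifier would also check the signature over
// authenticatorData || SHA-256(clientDataJSON) with the stored public key.
const { createHash, timingSafeEqual } = require("crypto");

const sha256 = (data) => createHash("sha256").update(data).digest();

// expected = { origin, rpId, challenge } as stored by the server for this login.
function checkAssertionBinding(clientDataJSON, authenticatorData, expected) {
  let clientData;
  try {
    clientData = JSON.parse(clientDataJSON.toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed clientDataJSON" };
  }
  if (clientData.type !== "webauthn.get") return { ok: false, reason: "wrong type" };
  if (clientData.challenge !== expected.challenge) return { ok: false, reason: "challenge mismatch" };
  // The browser, not the page, fills in the origin, so a lookalike site shows up here.
  if (clientData.origin !== expected.origin) return { ok: false, reason: "origin mismatch" };
  // authenticatorData layout: 32-byte rpIdHash, 1 flags byte, 4-byte signature counter.
  if (authenticatorData.length < 37) return { ok: false, reason: "short authenticatorData" };
  const rpIdHash = authenticatorData.subarray(0, 32);
  if (!timingSafeEqual(rpIdHash, sha256(expected.rpId))) return { ok: false, reason: "rpIdHash mismatch" };
  if ((authenticatorData[32] & 0x01) === 0) return { ok: false, reason: "user not present" };
  return { ok: true, reason: "bound to expected site" };
}

// Constructed sample data (hypothetical site names, not captured traffic).
function sampleAssertion(origin, rpId, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: "webauthn.get", challenge, origin }));
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x01]), Buffer.from([0, 0, 0, 7])]);
  return { clientDataJSON, authenticatorData };
}

const expected = { origin: "https://login.example", rpId: "login.example", challenge: "Y29uc3RydWN0ZWQtY2hhbGxlbmdl" };

function demo() {
  const good = sampleAssertion("https://login.example", "login.example", expected.challenge);
  const other = sampleAssertion("https://login-example.test", "login-example.test", expected.challenge);
  return {
    legitimate: checkAssertionBinding(good.clientDataJSON, good.authenticatorData, expected),
    lookalike: checkAssertionBinding(other.clientDataJSON, other.authenticatorData, expected),
  };
}

console.log(demo());
```

An SMS code has no equivalent of these fields: the same six digits are valid no matter which page the user typed them into.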

Security experts have called on users not to make SMS their default 2FA method. While it is still better than having none, users need to be aware that their SMS messages can be hacked by those attempting to get into an account, and that SMS can be used in phishing attacks to get access to their information. Security keys, meanwhile, are considered the most secure because they are physical hardware devices. Twitter said that in case a key is somehow lost, it will allow a second security key to be added as a backup.

Twitter assures users that it will still do what it can to keep them safe on its platform, no matter which 2FA method they use. But of course, users still have a responsibility to keep their accounts and data safe by using all the security features offered in apps like Twitter whenever they can.