American micro-blogging and social networking service Twitter has announced a new update that will let users use security keys as the only authentication method soon, adding that the platform will allow multiple security keys per account instead of just one.
At present, users use a security key to sign in to their Twitter accounts, but you need to have another 2FA method — like an authenticator app or SMS codes — enabled as a backup. While authentication applications like Google Authenticator or Authy are safer than using SMS codes for 2FA, security keys — physical keys that connect to your computer using USB or Bluetooth — are the most secure way to protect an account online.
Users don’t have to type in a code that could be intercepted by a malicious third party. You connect the key, your browser issues a challenge, then the key cryptographically signs the challenge and verifies your identity. Another benefit that this update may bring is that users would not need to provide any extra personal information to Twitter such as a telephone number, to be able to log in to their accounts.
So users can ensure that their privacy is not hindered. Twitter said on Monday that it “will allow multiple security keys on a single account; until today, it only allowed one key per account, in addition to the other 2FA methods”.
In December, Twitter announced it was adding support for security keys for 2FA-enabled accounts when users log in to its mobile apps. However, a Twitter spokesperson said on Monday that there wasn’t a timeline for when security key-only 2FA would take effect.