Twitter has added support for security keys to support two-factor authentication (2FA).
2FA is widely considered to be an important step in securing accounts and information. With 2FA enabled, a user does not gain immediate access to their account when they log in using their username and password. Instead, they are required to take an additional step, such as confirming the login via their phone or other device, providing a fingerprint or using a security key.
A security key has some distinct advantages over other forms of 2FA, as Twitter highlights in their blog.
Security keys are small devices that act like keys to your house. Just as you need a physical key to unlock the door to your home, you need a security key to unlock access to your account. Security keys offer the strongest protection for your Twitter account because they have built-in protections to ensure that even if a key is used on a phishing site, the information shared can’t be used to access your account. They use the FIDO and WebAuthn security standards to transfer the burden of protecting against phishing attempts from a human to a hardware device. Security keys can differentiate legitimate sites from malicious ones and block phishing attempts that SMS or verification codes would not.
For the time being, security keys will only work with Twitter.com, not the mobile apps. Nonetheless, the new feature is an important step in security Twitter accounts.