U.S-based micro-blogging and social media platform Twitter has recently revealed plans to roll out a future update that will enable account holders to use security keys as the primary means for two-factor authentication. At present, security keys can be used to sign-in to a Twitter account; however, an additional 2FA method, such as SMS codes or authenticator apps, has to be enabled as a backup.
While most apps like Authy or Google Authenticator are considerably safer than SMS codes as 2FA solutions, security keys, which physically connect to computers using Bluetooth or USB, are considered to be the most secure method for online account protection, given that users are not required to type in codes that could be intercepted by any malicious third-party sources.
Once the key is connected, the computer’s browser issues a challenge, which is signed cryptographically by the key, following which the user’s identity is verified. Security keys also allow users to circumvent the provision of any additional personal data to Twitter, like phone numbers, in order to sign-in to their accounts.
Twitter has also claimed that the new update will allow the use of multiple security keys for a single account. Currently, only one key is allowed per account, in addition to other two-factor authentication methods. The company had announced in December that it would add support for security keys for accounts that are 2FA-enabled, when users login to the mobile apps.
A spokesperson from Twitter recently commented that the new update was “coming soon” and did not provide any concrete timeline for when the security key-only 2FA solution would be rolled out.
The ability to log-in with physical keys was launched by the company back in 2018, when it was released for use on desktop, and has since been extended to iOS and Android in December.
Source Credit: https://www.theverge.com/2021/3/15/22332234/twitter-security-key-2fa-authenticator-privacy