Twitter now lets you use security keys as the only 2FA method

Twitter now lets users use security keys as the only two-factor authentication (2FA) method while having all other login methods disabled, as the social network announced three months ago, in March.

2FA is an additional security layer for Twitter accounts requiring users to use a security key or enter a code together with their passwords to log into their accounts.

This ensures that only the account owner can log in and blocks malicious takeover attempts by guessing, using stolen credentials, or resetting the password.

Option available in mobile apps and on the web

Starting this week, the company lets users switch to 2FA powered only by security keys on both the web and mobile apps.

This change meets the needs of those who don't want to use third-party authentication apps or share their phone numbers to enable this security feature on their accounts.

"Today, we're adding the option to use security keys as your sole 2FA method — meaning you can enroll one or more security keys as the only form of 2FA on your Twitter account without a backup 2FA method," Twitter said.

"We know this is important to people because not everyone is able to have a backup 2FA method or wants to share their phone number with us."

Better protection from SIM-swapping attacks

Twitter has first added security keys as one of several 2FA methods on the web in 2018 and support to use security keys when logging into mobile apps for 2FA-enabled accounts in December 2020.

The company also upgraded security key support to the WebAuthn standard, which delivers secure authentication over the web and enabled the ability to use 2FA on any Twitter account without a phone number.

As mentioned in the beginning, Twitter also added support for using multiple security keys on 2FA-enabled accounts for securely logging in and fending off account takeover attempts following phishing attacks.

While some high-profile Twitter accounts were successfully hijacked last year despite having 2FA enabled after attackers gained access to internal admin systems, you should still toggle on 2FA to be protected against less-sophisticated hacking attempts.

To turn on 2FA on your Twitter account, you have to go to your profile menu into Settings and Privacy, then to Security and account access (on the desktop) or Account > Security (on iOS) and enable the Two-factor authentication option.