Twitter announced this week that it had added the ability to use physical security keys as the only form of two-factor authentication, an extra layer that protects accounts from hackers. Physical security keys usually plug into a computer’s USB port or connect to a mobile device via Bluetooth or Near Field Communication (NFC).
“Security keys provide the strongest protection for your Twitter account because they have built-in security that ensures that even if the key is used on a phishing site, the information shared cannot be used to access your account,” Andy Sayler, senior security engineer at Twitter, wrote in a blog post.
The security keys use the FIDO and WebAuthn security standards and can differentiate legitimate sites from malicious ones, stopping phishing attempts that text messages or verification codes would not, he said.
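The site binding described above rests on two values a WebAuthn relying party checks at login: the origin the browser records in clientDataJSON and the RP ID hash in the authenticator data. The following is an added example, not Twitter's code; the RP ID, origins and challenge are constructed placeholders, and signature verification is assumed to have already passed.

```python
import hashlib
import json
import struct

RP_ID = "login.example"                    # assumed relying-party ID (placeholder)
EXPECTED_ORIGIN = "https://login.example"  # assumed site origin (placeholder)


def make_assertion(origin, rp_id, challenge):
    """Constructed sample of the two byte strings the key's signature covers.
    The browser, not the page, writes the origin into clientDataJSON, and the
    authenticator hashes the RP ID the credential was requested for."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    ).encode()
    flags, sign_count = 0x01, 1  # 0x01 = user-present (UP) bit
    auth_data = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, sign_count)
    return client_data, auth_data


def check_assertion(client_data, auth_data, expected_challenge):
    """Relying-party checks that tie an assertion to this site. Because the
    signature covers auth_data and SHA-256(client_data), a proxy that relays
    the response cannot rewrite either value without breaking the signature."""
    data = json.loads(client_data)
    if data.get("type") != "webauthn.get":
        return "reject: wrong type"
    if data.get("challenge") != expected_challenge:
        return "reject: challenge mismatch"
    if data.get("origin") != EXPECTED_ORIGIN:
        return "reject: origin mismatch"
    if len(auth_data) < 37:  # rpIdHash (32) + flags (1) + signCount (4)
        return "reject: authenticator data too short"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "reject: rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return "reject: user not present"
    return "accept"


if __name__ == "__main__":
    real = make_assertion(EXPECTED_ORIGIN, RP_ID, "c1")
    phish = make_assertion("https://login-example.test", "login-example.test", "c1")
    print(check_assertion(*real, "c1"))   # login on the real site
    print(check_assertion(*phish, "c1"))  # response produced on a look-alike site
```

A one-time code typed into the look-alike page carries no such binding, which is why it can be replayed against the real site while the key's response cannot.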
Twitter’s extra layer of protection comes as cyberattacks against businesses and government agencies make headlines. A ransomware attack in May temporarily shut down the Colonial Pipeline, the largest pipeline system for refined petroleum products in the United States, leading to gasoline shortages in several states. In the same month, meat supplier JBS was hit by a ransomware attack that disrupted food supply.
Twitter last year fell victim to a hack that took over high-profile accounts, including those belonging to Joe Biden, Kim Kardashian West, Uber and Apple. Hackers tricked several Twitter employees into giving up their login credentials to a phishing site.
The company has taken steps over the years to encourage people to use some form of two-step authentication, Sayler said in a blog post. In 2018, the company added the ability to use security keys, but only on Twitter.com, not in the mobile app, and required accounts to have another form of two-factor authentication.
In 2019, Twitter updated its security key support to the latest WebAuthn standard. It also enabled two-step authentication on a Twitter account without a phone number, allowing people to protect their accounts against SIM card swapping. Last year, Twitter added security key support for iOS and Android devices.
This year, Twitter began allowing users to register multiple security keys on their Twitter accounts. This step let users keep backup security keys and made it easier for accounts managed by multiple people to enable two-step authentication with multiple security keys.
People who don’t want to share their phone numbers with Twitter or don’t have a backup for two-factor authentication can instead use security keys as the only way to protect their account, Sayler said.