clock menu more-arrow no yes

Filed under:

Twitter now lets you set a security key as your only two-factor authentication method

You can just use a security key, if you want

Illustration by Alex Castro / The Verge

In March, Twitter said it would soon let you use a security key as your only two-factor authentication method, and on Wednesday, it announced that feature was live on both mobile and web.

Being able to use a security key as one of your two-factor authentication methods isn’t new, but now you can make it the only one, if you want to. Physical security keys have advantages over other two-factor methods like an authenticator app or SMS because they don’t rely on a code that a bad actor could intercept.

In recent years, Twitter has added a number of features to beef up login security. The company expanded beyond SMS in 2017 by adding support for authentication apps like Google Authenticator and Authy. In 2019, Twitter let you enable two-factor authentication without giving your phone number, a positive change given that SMS can be vulnerable to SIM-swapping attacks (like the one that led to CEO Jack Dorsey losing control of his account for about an hour and a half).

If you’re interested in picking up a security key for yourself, check out our guide.