Twitter to Soon Allow Users to Use Hardware Keys for More Secure Logins

Twitter has announced that the social media platform will soon allow users to add extra security to their account with multiple security keys on both mobile and web. It essentially means users will soon be able to use hardware security keys as an alternative to existing authentication methods. Similarly, the hardware would allow users to log in without traditional username-password, which could also lead to fewer instances of ‘forgot password.’ However, the platform may still ask users to enable other authentication methods such as two-factor authentication (2FA) for security purposes.

The micro-blogging platform shared the development on Twitter where it notes the feature is “coming soon.” The post further reads “coming soon, the option to add and use security keys as your only authentication method, without any other methods turned on.” Hardware keys have been around for quite some, and slowly, even laptops come with an inbuilt fingerprint scanner. Whereas, devices that lack a fingerprint scanner can still support one via a Bluetooth connection or USB port. This method is also considered safer as users are now logging in via biometric authentication.

Notably, Twitter is also slowly moving away from SMS-based authentication after its CEO, Jack Dorsey’s account got compromised due to a SIM swap attack. The new development could also pave the way for eliminating the need for passwords altogether. For instance, several Microsoft Windows-running PCs are now coming with fingerprint scanners to enable Windows Hello login method that is considered relatively safer than other options.

Companies including Yubikey, Google and Feitian make hardware security keys. They typically connect by plugging into a USB port, but some models use NFC or Bluetooth radio communications. Most of these devices are based on protocols set by FIDO Alliance’s U2F. It is an open authentication standard that enables internet users to securely access any number of online services with one single security key instantly and with no drivers or client software needed.