Last year Twitter added an option for users to log into its mobile app using a physical security key as a two-factor authentication method. But you had to enable another authentication method to use it.
Twitter is now improving this feature to allow users to add a security key without enabling another two-factor authentication method on their accounts.
The technical support account said via Twitter at the security keys can now be the only two-factor authentication option in both the mobile app and website. With this new feature, users can set up a physical security key without having to add a text message or authentication code as a backup.
Twitter explains in a blog post that this change is important because not every user can get or want another two-factor authentication method besides the security key, like someone who doesn't want their phone number sent to Twitter's servers.
Today we are adding the option to use security keys as the only two-factor authentication method. This means that you can register one or more security keys as the only form of 2FA through your Twitter account. And that without a 2FA backup method. We know this is important to people because not everyone can have a backup 2FA or want to share their phone number with us. And with this update, we want everyone to feel able to enable security keys to better secure their Twitter account.
Security keys can now be the only two-factor authentication method across mobile and web. Physical security keys are small devices that store authentication codes for applications and websites. This way, no one can log into your accounts without access to this physical key.
Apple added support for physical security keys with iOS 13.3, which work via a Lightning / USB-C connector or even NFC across compatible devices.
According to Twitter, the new feature is now rolling out to users in iOS and Android apps, as well as the platform's website.