In March, Twitter said it would soon let you use a security key as your only two-factor authentication method, and on Wednesday, it announced that the feature was live on both mobile and web.
Being able to use a security key as one of your two-factor authentication methods isn’t new, but now you can make it the only one if you want to. Physical security keys have advantages over other two-factor methods like an authenticator app or SMS because they don’t rely on a code that a bad actor could intercept.
In recent years, Twitter has added several features to beef up login security. The company expanded beyond SMS in 2017 by adding support for authentication apps like Google Authenticator and Authy. In 2019, Twitter let you enable two-factor authentication without giving your phone number, a positive change given that SMS can be vulnerable to SIM-swapping attacks (like the one that led to CEO Jack Dorsey losing control of his account for about an hour and a half).