- Twitter's new physical security key support makes it harder for hackers to remotely break into a user's account
- Several other companies like Google, Mozilla, Facebook and Dropbox have introduced physical key support
Twitter has announced that it now supports physical security keys as a form of login verification. The social media giant said Tuesday that a USB security key that can be plugged into your computer, such as a YubiKey, is now compatible with the platform as part of the two-factor authentication process.
These small devices, known as Universal 2nd Factor (U2F) devices, act as an additional layer of authentication for logins. While a text message code may be intercepted and used by nefarious actors to log into someone's account, the U2F device must be physically plugged into a USB port to allow access to an account.
This added step ensures that individuals located elsewhere, who don't have access to the physical key, are unable to remotely break into a person's account. Moreover, the security key will only work on genuine Twitter pages, protecting users against phishing pages that are designed to look like the original and try to steal their credentials.
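A simplified model of why a key's response is only useful on the genuine site, added here as an illustration and not taken from Twitter or from the U2F wire format. It assumes HMAC with a per-site secret as a stand-in for the ECDSA signature and public key that real keys use, and the class, function and origin names are made up for the example.

```python
import hashlib
import hmac
import json
import os

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class ToyKey:
    """Simplified security key; HMAC stands in for the real ECDSA P-256 signature."""
    def __init__(self):
        self._device_secret = os.urandom(32)

    def _site_key(self, app_id: str) -> bytes:
        # One credential per site, derived from the site identity the browser reports.
        return hmac.new(self._device_secret, sha256(app_id.encode()), hashlib.sha256).digest()

    def register(self, app_id: str) -> bytes:
        return self._site_key(app_id)  # a real key returns a public key and key handle

    def sign(self, app_id: str, client_data: bytes) -> bytes:
        signed = sha256(app_id.encode()) + sha256(client_data)
        return hmac.new(self._site_key(app_id), signed, hashlib.sha256).digest()

def browser_login(key: ToyKey, page_origin: str, challenge: str):
    """The browser, not the page, writes the origin into the signed client data."""
    client_data = json.dumps({"challenge": challenge, "origin": page_origin}).encode()
    return client_data, key.sign(page_origin, client_data)

def server_verify(credential: bytes, origin: str, challenge: str,
                  client_data: bytes, signature: bytes) -> bool:
    fields = json.loads(client_data)
    if fields.get("origin") != origin or fields.get("challenge") != challenge:
        return False  # signed for another site, or for a stale challenge
    signed = sha256(origin.encode()) + sha256(client_data)
    expected = hmac.new(credential, signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)

SITE = "https://login.example"            # constructed origin of the genuine site
LOOKALIKE = "https://login-example.test"  # constructed origin of a look-alike page

def demo() -> dict:
    key = ToyKey()
    credential = key.register(SITE)
    challenge = os.urandom(16).hex()
    genuine = browser_login(key, SITE, challenge)
    relayed = browser_login(key, LOOKALIKE, challenge)  # same challenge, wrong page
    return {"genuine": server_verify(credential, SITE, challenge, *genuine),
            "relayed": server_verify(credential, SITE, challenge, *relayed)}
```

The response produced on the look-alike origin is rejected twice over: the origin recorded by the browser does not match, and the signature was computed with a credential that the genuine site never registered.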
To set up a physical two-factor security key, the user's Twitter account must be linked to a mobile phone number - another measure introduced by Twitter for all new accounts.
"This is an important change to defend against people who try to take advantage of our openness," Twitter said in a blog post.
Several other platforms, including Facebook, Mozilla, Google and Dropbox, have previously added support for security keys.
The newly added measure comes as part of Twitter's renewed efforts to improve security and privacy whilst cracking down on rampant bots and spam on the platform. Twitter said it blocked over 9.9 million spam-related or automated accounts per week in May.
"Going forward, Twitter is continuing to invest across the board in our approach to these issues, including leveraging machine learning technology and partnerships with third parties," the company said.
The security measure also comes just weeks after Twitter asked its entire 330 million user base to immediately change their passwords after discovering a bug in its password storage system that exposed users' credentials in plain text in an internal log.
Twitter said it discovered the error itself, removed the passwords and fixed the issue. The company added there has been "no indication of breach or misuse" by malicious actors.