Protecting your account on all of your devices is important. We’ve updated two-factor authentication so you can now log in with your physical security key on Android and iOS, like on desktop. More on how to set up this added security for your account: https://t.co/c7hff75zQd— Twitter Support (@TwitterSupport) December 2, 2020
Twitter introduced support for physical security keys in 2018, allowing users to add a physical security barrier to their accounts instead of other two-factor authentication options, such as: a text message or a code generated from an app.
Physical security keys are small enough to fit into a keyring, and they make certain types of account breaches nearly impossible by requiring the user to plug in the key upon login.
But technical limitations meant that accounts protected by physical security keys could only log in from a computer, not a mobile device.
Twitter partially solved this problem by switching to WebAuthn last year, paving the way to bring physical key support for more devices and browsers.
Anyone with a physical security key linked to their Twitter account can now use the same key to log in from their mobile devices, as long as the key is supported.
Twitter has long recommended that high-profile accounts such as journalists, politicians, and government officials use physical security keys to prevent some complex attacks.
Twitter earlier this year provided physical security keys to its employees to prevent a repeat of the July cyber attack that saw hackers penetrate the company’s internal network and abuse an administrative tool, which hackers then used to hijack prominent accounts in order to spread a cryptocurrency fraud.
In the wake of the attack, Twitter appointed Rinki Sethi as the head of information security, and the popular hacker Peiter Zatko, known as Mudge, as the company’s chief of security.