Twitter lets users tie multiple 2FA security keys to their accounts

It will soon allow you to only use security keys for 2FA without backup, as well.


Twitter has rolled out an update that allows you to enroll more than one hardware security key to your account for two-factor authentication. The website launched the ability to log in with a physical key on Android and iOS back in December — the ability has been around for desktop since 2018 — but it only used to be able to associate an account with one key. That could be problematic if you keep multiple keys in different locations so you don't have to carry one around, or if you have no choice but to use several keys because your devices have different ports. With this update, you'll be able to log in with more than one physical key on both mobile and the web.

The company has also announced that the option to exclusively use physical keys for 2FA is "coming soon." Currently, you still have to set 2FA on an authenticator app or activate SMS verification as a backup even if you have a physical key associated with your account. It's now pretty common knowledge that SMS verification isn't that secure, since bad actors could intercept messages. The upcoming feature could set your mind at ease if you'd rather not give Twitter your phone number or if you don't use authenticator apps at all, though the company has yet to reveal when it'll be available.