Twitter has rolled out an update that allows you to enroll more than one hardware security key to your account for two-factor authentication. The website launched the ability to log in with a physical key on Android and iOS back in December — the ability has been around for desktop since 2018 — but it only used to be able to associate an account with one key. That could be problematic if you keep multiple keys in different locations so you don't have to carry one around, or if you have no choice but to use several keys because your devices have different ports. With this update, you'll be able to log in with more than one physical key on both mobile and the web.
The company has also announced that the option to exclusively use physical keys for 2FA is "coming soon." Currently, you still have to set 2FA on an authenticator app or activate SMS verification as a backup even if you have a physical key associated with your account. It's now pretty common knowledge that SMS verification isn't that secure, since bad actors could intercept messages. The upcoming feature could set your mind at ease if you'd rather not give Twitter your phone number or if you don't use authenticator apps at all, though the company has yet to reveal when it'll be available.
Secure your account (and that alt) with multiple security keys. Now you can enroll and log in with more than one physical key on both mobile and web.— Twitter Support (@TwitterSupport) March 15, 2021
And coming soon: the option to add and use security keys as your only authentication method, without any other methods turned on.