How to use a physical security key on Twitter and where to get it from


In April this year, social networking giant Twitter made it official that it will allow its physical security keys as a 2FA for its users using its web or app version. Now the Tweeting giant has clarified that users will be allowed to use their security keys as the only form of two factor authentication, if they will do so.

Twitter allows Two factor authentication in three ways- Text Message, authentication via App and through a physical security key.

Keeping aside others, users can now make use of only the security key in the following way.

If you are already using a physical security key for your Gmail account, then the same can also be used for your twitter authentication as well. Or else buy a new one from Yubikey and then follow the below stated steps-

Once you get a Yubikey say a $20 one, log into your Twitter account via Chrome browser or any other and go to ‘settings and privacy’ feature. After getting into this feature, just click on the ‘security tab’ feature and set-up a login verification method via text to your phone number or email ID.

After getting the verification code, Twitter will prompt you to gain a single use backup code that needs to be saved on paper by the user thereafter. As it helps to regain access to your Twitter account just in case, you lose your physical security key or somebody steals it.

After you finish the process of backup code access, then a fresh login verification page will pop up asking for a set-up of the Security Key.

Thereafter to sign up with the security key, the twitter user needs to click on the security option> security key> enter password and then click start for the device to take control of the account protection via Computer USB Port.

Security analysts say that the use of physical keys will help defend twitter users from phishing attempts as the access to account will be blocked, thus disallowing the hacker to access an account in any manner. Also, such devices help alert the user about legitimate and malicious websites and will block access attempts that usually SMS and Verification codes would not do.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display