Twitter has taken a significant step in helping you protect your account with hardware security keys, a top authentication technique when it comes to security. Previously, you could register one key for logging in, but now you can enroll multiple keys, Twitter said Monday.
Passwords have abundant shortcomings. We forget them, we pick bad ones, and hackers steal them. Two-factor authentication often pairs a password with another login step -- a code generated by an authentication app or sent by SMS, for example, or a hardware security key you connect to your laptop or phone.
Hardware security keys are particularly useful for two-factor authentication because you register them to work with a particular site or service. That protects you from phishing problems where attackers try to steal your credentials by fooling you into logging in to a fake website, as Google confirmed after moving its employees to hardware security keys.
Twitter already offered hardware security key support, but only let you enroll a single key. That's a problem if you lose it or leave it behind, though Twitter also supports authenticator apps and SMS codes for two-factor authentication. Support for multiple keys makes it a safer choice to protect yourself from problems like the SIM swap attack that let a hacker steal access to the account of Twitter Chief Executive Jack Dorsey in 2019.
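The site binding and multiple-key enrollment described above can be sketched as the checks a WebAuthn server runs on a login response; this is an added example, not Twitter's code. The site `example.com`, the lookalike origin, the credential IDs and the helper names are constructed for illustration. A real server also verifies the key's signature over this data with the public key stored at enrollment, which is left out here.

```python
import base64, hashlib, json

RP_ID = "example.com"                    # constructed relying-party ID
EXPECTED_ORIGIN = "https://example.com"  # constructed origin of the real site
# Constructed credential IDs: one account with two enrolled keys.
ENROLLED_KEYS = {b"primary-key-id", b"backup-key-id"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_assertion(origin, rp_id, challenge, cred_id):
    """Build sample data shaped like what the browser and key return."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()  # origin is set by the browser
    # authenticatorData: SHA-256(rpId) || flags (0x01 = user present) || signCount
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (1).to_bytes(4, "big")
    return {"id": cred_id, "clientDataJSON": client_data, "authenticatorData": auth_data}

def check_binding(assertion, challenge):
    """Return None if the site-binding checks pass, else the rejection reason."""
    if assertion["id"] not in ENROLLED_KEYS:
        return "unknown credential"
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return "wrong type"
    if cd.get("challenge") != b64url(challenge):
        return "challenge mismatch"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"
    ad = assertion["authenticatorData"]
    if len(ad) < 37:
        return "short authenticator data"
    if ad[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"
    if not ad[32] & 0x01:
        return "user not present"
    return None

if __name__ == "__main__":
    ch = b"constructed-challenge-0001"
    real = make_assertion(EXPECTED_ORIGIN, RP_ID, ch, b"backup-key-id")
    # A response produced on a lookalike site carries that site's origin and RP ID hash.
    fake = make_assertion("https://example-login.test", "example-login.test", ch, b"primary-key-id")
    print("real site:", check_binding(real, ch))
    print("lookalike site:", check_binding(fake, ch))
```

Either enrolled key passes the same checks, so a backup key works without weakening the binding to the site.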
In the longer run, moving to hardware security keys also can help you dump passwords altogether. That's what Microsoft is encouraging, and more than 200 million people have made the move to passwordless login for its accounts like Outlook and Xbox Live.
For now, Twitter still requires you to have other authentication options besides security keys. In the future, though, you'll be able to use hardware security keys alone.