Twitter locks down logon with better hardware security key option

Security keys are tops for keeping hackers out of your account and thwarting phishing attacks.

Stephen Shankland Former Principal Writer

Yubico's YubiKey 5Ci hardware security key offers stronger authentication security on iOS for apps and browsers that support the underlying technology. It's got Lightning and USB-C connectors so it also works on PCs and Android devices.

Stephen Shankland/CNET

Twitter has taken a significant step in helping you protect your account with hardware security keys, a top authentication technique when it comes to security. Previously, you could register one key for logging in, but now you can enroll multiple keys, Twitter said Monday.

Passwords have abundant shortcomings. We forget them, we pick bad ones, and hackers steal them. Two-factor authentication often pairs a password with another login step -- a code generated by an authentication app or sent by SMS, for example, or a hardware security key you connect to your laptop or phone.

Hardware security keys are particularly useful for two-factor authentication because you register them to work with a particular site or service. That protects you from phishing problems where attackers try to steal your credentials by fooling you into logging in to a fake website, as Google confirmed after moving its employees to hardware security keys.

Twitter already offered hardware security key support, but only let you enroll a single key. That's a problem if you lose it or leave it behind, though Twitter also supports authenticator apps and SMS codes for two-factor authentication. Support for multiple keys makes it a safer choice to protect yourself from problems like the SIM swap attack that let a hacker steal access to the account of Twitter Chief Executive Jack Dorsey in 2019.

In the longer run, moving to hardware security keys also can help you dump passwords altogether. That's what Microsoft is encouraging, and more than 200 million people have made the move to passwordless login for its accounts like Outlook and Xbox Live.

Companies including Yubikey, Google and Feitian make hardware security keys. They typically connect by plugging into a USB port, but some models use NFC or Bluetooth radio communications.

For now, Twitter still requires you to have other authentication options besides security keys. In the future, though, you'll be able to use hardware security keys alone.