Hear this story and other latest updates on our Let's Talk Security Podcast Episode here:

Listen on Apple Podcasts
google-podcasts-logo-6

Twitter said Wednesday that accounts protected with a hardware security key can now log in from their iPhone or Android device.

They rolled out hardware security keys in 2018, allowing users to add a physical security barrier to their accounts in place of other two-factor authentication options, like a text message or a code generated from an app.

Security keys make certain kinds of account hacks near impossible by requiring a user to plug in the key when they log in even if they have your username and password.

But technical limitations meant that accounts protected with security keys could only log in from a computer, and not a mobile device.

Twitter solved that headache in part by switching to the WebAuthn protocol last year, which allowed bringing hardware security key support to more devices and browsers.

Now anyone with a security key set up on their Twitter account can use that same key to log in from their mobile device, so long as the key is supported. (A ton of security keys exist today that work across different devices, like YubiKeys and Google's Titan key.)

Earlier this year Twitter rolled out hardware security keys to its own staff to prevent a repeat of its July cyberattack that saw hackers break into the company's internal network and abuse an "admin" tool, which the hackers then used to hijack high-profile accounts to spread a cryptocurrency scam.