Although it doesn’t always get dragged into the spotlight the way Facebook does, when Twitter does get into the news, it often isn’t good news. From broken new features to unpopular changes to long-standing requested features, Twitter has had its fair share of controversy, even if in short spurts. Its biggest problem, however, has always been the platform’s security and the social media giant has just taken one step forward in ensuring its high-profile users, including its own CEO, don’t easily get hacked again.
For the longest time, Twitter was pretty lax about implementing or enforcing best security practices. When it finally added two-factor authentication via apps, for example, it still used a phone number for backup and other uses, like tweeting through SMS. That was until its own CEO Jack Dorsey became the victim of a SIM Swap attack last year.
Two-factor authentication or 2FA has become the stop-gap measure pushed by security experts but not all 2FA methods are created equal. Those that use SMS are inherently insecure and email is just a little bit better, at least until your email has been compromised as well. 2FA apps are the most recommended method but some consider a physical hardware 2FA key, pretty much a USB stick, as the better option.
Twitter already has support for such physical security keys but previously limited that to desktops only. As such keys start to gain traction on mobile, Twitter has finally expanded its support to both Android and iOS apps.
Yubico is offering Twitter users a $10 discount off its 2FA YubiKeys to mark the occasion. Some might consider such physical security keys just as secure as your door keys, but it could be a better option for some high-profile or high-risk Twitter users like CEOs, politicians, and activists.