Twitter this week introduced it had added the choice to make use of bodily safety keys for folks to make use of as their solely type of two-factor authentication, an additional layer of defending their accounts from hackers. Bodily safety keys usually plug into the USB drive of a pc or connect with a cellular gadget by way of Bluetooth or a near-field communication (NFC) chip.
“Safety keys provide the strongest safety in your Twitter account as a result of they’ve built-in protections to make sure that even when a key’s used on a phishing website, the knowledge shared can’t be used to entry your account,” Andy Sayler, senior safety engineer at Twitter, wrote in a blog post.
Safety keys use FIDO and WebAuthn safety requirements, and may inform the distinction between reputable websites and malicious ones whereas block phishing makes an attempt that SMS or verification codes wouldn’t, he stated.
Twitter’s further layer of safety comes as cyberattacks on firms and authorities companies make headlines. A ransomware assault in Could quickly shut down the Colonial Pipeline, the largest pipeline system for refined oil merchandise within the U.S., resulting in gasoline shortages in a number of states. The identical month, meat provider JBS was focused in a ransomware assault that disrupted the meals provide.
Twitter final 12 months fell sufferer to an assault by hackers who took management of high-profile accounts, together with these belonging to Joe Biden, Kim Kardashian West, Uber and Apple. Hackers duped a number of Twitter workers into giving up their login credentials to a phishing website.
The corporate over time has taken steps to induce folks to make use of some form of two-factor authentication, Sayler stated within the weblog. The corporate in 2018 added the choice to make use of safety keys, however solely on the Twitter.com web site, not the cellular app, and required accounts to have one other type of two-factor authentication.
In 2019, Twitter upgraded our safety key assist to make use of the newest WebAuthn normal. It additionally enabled two-factor authentication on a Twitter account with out requiring a telephone quantity, letting folks defend their accounts from SIM-swapping assaults. Final 12 months, Twitter added assist for safety keys on iOS and Android gadgets.
Twitter this 12 months started letting customers register a number of safety keys on their Twitter accounts. That step lets customers have backup safety keys, and made it simpler for accounts managed by a number of folks to allow two-factor authentication with a number of safety keys.
Individuals who don’t need to share their telephone numbers with Twitter or don’t have a backup methodology of two-factor authentication can as an alternative use safety keys as their sole methodology to guard their accounts, Sayler stated.
