With physical key support, Twitter makes hacking into accounts much more difficult

Now you can log in with a push of a button ... almost.

How Google's physical keys protect accounts from nation-state hackers

Buried in an announcement Tuesday, Twitter said it will now support physical security keys for login verification, making it far more difficult to break into a user's account.

Known as universal two-factor (U2F) devices, these small keyring-sized devices that you can take anywhere add an extra layer of security to supporting services. Unlike a text message code sent to your phone that can be intercepted and used, a universal two-factor keyfob requires a user to physically push a button to authorize a login.

Because an associated key will also only work on genuine Twitter pages, it still helps protect against fake phishing pages that try to steal your password.

(Image: file photo)

That can help prevent remote attacks from skilled attackers on the other side of the world.

Twitter said that in order to set up a physical two-factor key, that user's account must be associated with a mobile phone number -- another new measure that Twitter is requiring of all new accounts, the company said in a blog post.

"This is an important change to defend against people who try to take advantage of our openness," said Twitter.

It's part of a renewed effort by the social network to improve security and privacy by using machine learning technologies to automatically reduce malicious bots and spam across the site.

It comes just a few weeks after the company asked its entire 330 million users to change their passwords after a bug exposed users' plaintext passwords.

Twitter is rolling out the new universal two-factor feature in stages starting Tuesday. Anyone with the setting enabled can use its support page to set up the new login verification setting.

The social networking giant isn't the first company to roll out universal two-factor protections to its users. Google first made headlines by rolling out the feature as part of its so-called Advanced Protection Program, which helps protect against government-backed hackers.

Twitter said it has blocked more than 9.9 million potential spammy or automated accounts per week in May, the company said.

Got a tip?

You can send tips securely over Signal and WhatsApp at 646-755–8849. You can also send PGP email with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Read More