Buried in an announcement Tuesday, Twitter said it will now support physical security keys for login verification, making it far more difficult to break into a user's account.
Known as universal two-factor (U2F) devices, these small keyring-sized devices that you can take anywhere add an extra layer of security to supporting services. Unlike a text message code sent to your phone that can be intercepted and used, a universal two-factor keyfob requires a user to physically push a button to authorize a login.
Because an associated key will also only work on genuine Twitter pages, it still helps protect against fake phishing pages that try to steal your password.
(Image: file photo)
That can help prevent remote attacks from skilled attackers on the other side of the world.
Twitter said that in order to set up a physical two-factor key, that user's account must be associated with a mobile phone number -- another new measure that Twitter is requiring of all new accounts, the company said in a blog post[1].
"This is an important change to defend against people who try to take advantage of our openness," said Twitter.
It's part of a renewed effort by the social network to improve security and privacy by using machine learning technologies to automatically reduce malicious bots and spam across the site.
It comes just a few weeks after the company asked its entire 330 million users to change their passwords after a bug exposed users' plaintext passwords[2].
Twitter is rolling out[3] the new universal two-factor feature in stages starting Tuesday. Anyone with the setting enabled can use its support page[4] to set up the new login verification setting.
The social