There are plenty of forms of so-called two-factor authentication when it comes to security, and not all of them are equal. Among the higher tiers of security is an actual, physical hardware key that requires you to plug it in when signing into an account. Fans of the standard will be glad to hear that Twitter has just announced that hardware key-based two-factor authentication can now be used to log in on Android and iOS.
Some years back, Twitter added support for authenticator apps, but you still had to have a phone number on file until just last year, a danger given the ease of social engineering and SIM-swap attacks. Twitter's allowed hardware 2FA keys on desktop for some time now, but the addition of the mobile apps further enhances user security.
Protecting your account on all of your devices is important. We’ve updated two-factor authentication so you can now log in with your physical security key on Android and iOS, like on desktop. More on how to set up this added security for your account: https://t.co/c7hff75zQd
— Twitter Support (@TwitterSupport) December 2, 2020
For many of us, Twitter is just another means of following content creators, making their accounts relatively low-value. For others, it's a valuable part of the occupational toolset that merits as much protection as possible. Hardware-backed security may be slightly inconvenient at times, but it's also the best way to protect something important online.
The change affects both the Android and iOS Twitter apps, though it isn't clear if it applies to other first-party apps like Periscope or TweetDeck. Twitter has instructions for how to set things up over on its support site. If you don't have a hardware security key, Yubico is giving folks $10 off their purchase of a single YubiKey hardware 2FA key for the next week with the coupon code TWITTER10. Just make sure you get one with the right connector for your device — that'll probably be USB Type-C for most Android phones.