Buried in an announcement Tuesday, Twitter said it will now support physical security keys for login verification, making it far more difficult to break into a user’s account.
Known as universal two-factor (U2F) devices, these small, keyring-sized devices can be taken anywhere and add an extra layer of security to supporting services. Unlike a text message code sent to your phone that can be intercepted and used, a universal two-factor keyfob requires a user to physically push a button to authorize a login.
Because an associated key will only work on genuine Twitter pages, it also helps protect against phishing pages that try to steal your password.
That can help prevent remote attacks from skilled attackers on the other side of the world.
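The origin binding and button press described above, sketched as an added example (not Twitter's code and not part of the original article): a simulated key, browser and server in Node.js. It assumes the U2F application ID equals the page origin; the function names and the `.test` lookalike domain are constructed for illustration.

```javascript
const nodeCrypto = require('crypto');
const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Bytes a U2F key signs: SHA-256(appId) || presence byte || counter || SHA-256(clientData)
function signedBytes(appId, counter, clientData) {
  const ctr = Buffer.alloc(4);
  ctr.writeUInt32BE(counter);
  return Buffer.concat([sha256(appId), Buffer.from([0x01]), ctr, sha256(clientData)]);
}

// Simulated security key: produces nothing unless the button was pressed.
function keySign(privateKey, appId, clientData, counter, buttonPressed) {
  if (!buttonPressed) return null;
  const signature = nodeCrypto.sign('sha256', signedBytes(appId, counter, clientData), privateKey);
  return { counter, signature };
}

// Browser side: the browser, not the page's script, records the real origin.
function browserClientData(pageOrigin, challenge) {
  return JSON.stringify({ typ: 'navigator.id.getAssertion', challenge, origin: pageOrigin });
}

// Server side: reject a missing touch, a stale challenge, a foreign origin, or a bad signature.
function serverVerify(publicKey, expectedOrigin, expectedChallenge, clientData, response) {
  if (!response) return 'no-user-presence';
  const cd = JSON.parse(clientData);
  if (cd.challenge !== expectedChallenge) return 'bad-challenge';
  if (cd.origin !== expectedOrigin) return 'wrong-origin';
  const data = signedBytes(expectedOrigin, response.counter, clientData);
  return nodeCrypto.verify('sha256', data, publicKey, response.signature) ? 'ok' : 'bad-signature';
}

// One login attempt from the page the user is actually on (pageOrigin).
function demo(pageOrigin, buttonPressed) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const site = 'https://twitter.com';                       // origin the server expects
  const challenge = nodeCrypto.randomBytes(32).toString('base64url');
  const clientData = browserClientData(pageOrigin, challenge);
  const response = keySign(privateKey, pageOrigin, clientData, 1, buttonPressed);
  return serverVerify(publicKey, site, challenge, clientData, response);
}

console.log(demo('https://twitter.com', true));                 // genuine page, key touched
console.log(demo('https://twitter.example-login.test', true));  // constructed lookalike origin
console.log(demo('https://twitter.com', false));                // no button press
```

Even if the server skipped the explicit origin comparison, the lookalike attempt would still fail, because the signature covers the hash of the origin the key was asked to sign for.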
In a blog post, Twitter said that to set up a physical two-factor key, a user’s account must be associated with a mobile phone number, another new measure that the company is requiring of all new accounts.
“This is an important change to defend against people who try to take advantage of our openness,” said Twitter.
It’s part of a renewed effort by the social network to improve security and privacy by using machine learning technologies to automatically reduce malicious bots and spam across the site.
It comes just a few weeks after the company asked all 330 million of its users to change their passwords after a bug exposed users’ plaintext passwords.
The social networking giant isn’t the first company to roll out universal two-factor protections to its users. Google first made headlines by rolling out the feature as part of its so-called Advanced Protection Program, which helps protect against government-backed hackers.
Twitter said it blocked more than 9.9 million potentially spammy or automated accounts per week in May.