Ask Dave Taylor
  • Facebook
  • Instagram
  • Linkedin
  • Pinterest
  • Twitter
  • YouTube
  • Home
  • YouTube Videos
  • Top Categories
  • Subscribe via Email
  • Ask A Question
  • Meet Dave
  • Home
  • Twitter Help
  • Can I Require a Security Key for a Twitter Account Login?

Can I Require a Security Key for a Twitter Account Login?

March 2, 2020 / Dave Taylor / Twitter Help / No Comments

I’ve become increasingly paranoid about other people gaining access to my Twitter account and want to utilize a security ID key like I have at work for my account access. Is that possible with Twitter?

Twitter has quite a few different ways you can tighten the metaphorical hatches on your account, ways to increase your security and ensure that no-one can log in to your account even if they have your account name and password. Indeed, between malware, key sniffers, risky open wi-fi networks and phishing sites it’s surprising anyone relies on just a password as account security. Your timing is also very good because I’ve been testing out a FIDO2 / FIDO U2F security key from a company called GoTrust and your question motivated me to try the device with my own Twitter account.

A brief aside about security: You goal for securing an account is to make it very difficult for bad guys but not also impossible for you to log in successfully. Security revolves around what you know, who you are, where you are and what you have. What you know is exemplified by your password. Who you are is biometrics, so if Twitter could use a fingerprint or retina scan, that would be a solid option too, quite hard to fake. Where you are could automatically detect a login attempt from the other side of the world, say, and reject it. Finally, what you have are known as tokens or semaphores and the easiest example of that is your smartphone: The site sends you a security key via text message and you dutifully enter it on your computer. None of these are perfect, of course, but a combination of factors makes things considerably more difficult than any one factor by itself.

Here’s what the GoTrust Idem Security Key ($22 on Amazon) I’m using looks like:

gotrust-security-key

It’s roughly the size of a house key, but without all the sharp edges. You can’t tell, but the circular portion is a sensor and the key is enabled by simply touching or gently pressing on the sensor after you’ve inserted it into a USB port on your computer. Once you have it all hooked up, that is. So let’s jump into Twitter and set it up!

When I go to log in to my FilmBuzz film industry news Twitter account, I already have it set up for text message confirmation on login, so after correctly entering my account and password, I see this:

twitter login options

What’s important is the link at the bottom: “Choose a different two-factor authentication method“. Of course you can’t change without being logged in first, so this time I’ll still need to use the SMS text security code as is normal. But once I’m logged in successfully, I’ll want to click on “More” from the left side menu (all of this is in a Web browser on a computer):

twitter main menu left

The “More” link opens up a completely different set of menu choices that are pretty darn important to your account security, setup, configuration, etc:

twitter more menu settings security

So many options, eh? You’ll want to click on “Settings and privacy” and, finally, you’ll see quite a few different options related to Twitter account access. Choose “Account” from the list on the left and you’ll get to the Login and security section:

twitter account settings and security

Not sure your password is secure? You can click on “Password” to change it. But to add the Security Key, you’ll want to click on “Security” just below the Password link. This is also the path to adding sms text two-factor authentication as another security option if you want that instead (or in addition).

twitter account security settings 2fa two factor phone sms security key

There are three options here, and you can select any – or all – of them as desired. Text message is easy; Twitter sends a six-digit one-time security code that you then enter before you can log in. No phone, no login. An Authentication app can be helpful if you are already using something like Google or Microsoft Authenticator for other secure sites. Finally, Security key is for a physical key like the GoTrust device. Click on the third box to enable Security key to proceed.

You’ll need to reaffirm you have legit access to the Twitter account:

twitter confirm - enter your password

Then you will finally be in the right area to set up your security key!

Twitter explains:

Twitter use security key secure login account

Important to note here is the phrase “supported web browser”. Turns out that while just about all of the modern browsers on major computer systems support security keys, if you use something a bit obscure you might want to check with the security key vendor to ensure compatibility. I have found the GoTrust key works fine with Safari on Mac and Microsoft Edge on Windows.

To proceed, click or tap on “Start” and, finally, you can enter your security key into a USB port and tap or push on the sensor to enable the key’s functionality:

touch security key - fido u2f login

Touch the sensor and it’ll flash a cool dark blue then communicate with the Web browser (and thereby Twitter) the needed data. It’s not a code or key, however, it’s the public encryption key of the Security Key itself. In fact, while the security key looks fairly simple, it’s actually an encryption micro-computer; every time you use it to verify identity it’ll be given a sequence of letters and digits, push that through your public and private key encryption data, and return a unique and always changing result. Public key encryption is pretty amazing, actually; learn more about it here: How does public key encryption work?

Assuming it does work – and it will! – you’ll then see this:

twitter account security - public key security enabled

Awesome. You’re done! To test it out, log out and try to log in to your Twitter account again…

log in to twitter account

It all looks pretty normal, right? But this time when you click on “Log in” there’s a second prompt!

twitter - second factor two factor authentication login

I have a lot of options set up, as you can see, but I’m going to use the GoTrust security key so I’ll click on “Security key“. The browser them prompts me to insert the key and enable it by touching the sensor:

twitter - log in using fido security key

A tap and I’m logged in. As, hopefully, you are too. Now just keep that security key on your keychain or clipped to your purse or backpack and even if someone has your password they won’t be able to successfully log in to your Twitter account. Pretty cool, eh?

Note: GoTrust sent me the Idem Key security key for testing purposes. It’s $22 on Amazon, however, so quite affordable, with no additional software needed on Mac or Windows.

About the Author: Dave Taylor has been involved with the online world since the early days of the Internet. Author of over 20 technical books, he runs the popular AskDaveTaylor.com tech help site. You can also find his gadget reviews on YouTube and chat with him on Twitter as @DaveTaylor.

Let’s Stay In Touch!

Never miss a single article, review or tutorial here on AskDaveTaylor, sign up for my fun weekly newsletter!
Name: 
Your email address:*
Please enter all required fields
Correct invalid entries
No spam, ever. Promise. Powered by FeedBlitz
Please choose a color:
Starbucks coffee cup I do have a lot to say, and questions of my own for that matter, but first I'd like to say thank you, Dave, for all your helpful information by buying you a cup of coffee!
public key encryption, twitter account security, twitter security, twitter security key, two factor authentication

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Search

Recent Posts

  • How to Check AirPods Pro Case Charge Level on a Mac
  • How to Adjust Equalizer EQ Settings on an Amazon Echo Speaker
  • Can I Read Ebooks for Free on my iPhone in the Books app?
  • Google Form: Acknowledge Membership? To What??
  • Tools That’ll Help You Monitor Vehicle Location and Maintenance Like a Pro

On Our YouTube Channel

BenQ IdeaCam S1 Pro Flexible HD Webcam -- DEMO & REVIEW

Amazon Echo POP Smart Speaker with Alexa -- UNBOXING, DEMO & REVIEW

Categories

  • AdSense, AdWords, and PPC Help (106)
  • Alexa, Kindle, and Nook Help (101)
  • Amazon, eBay, and Online Shopping Help (166)
  • Android Help (234)
  • Apple iPad Help (151)
  • Apple Watch Help (54)
  • Articles, Tutorials, and Reviews (346)
  • Auto Tech Help (20)
  • Business Advice (201)
  • ChromeOS Help (39)
  • Computer & Internet Basics (790)
  • d) None of the Above (166)
  • Facebook Help (385)
  • Google, Chrome & Gmail Help (192)
  • HTML & Web Page Design (248)
  • Instagram Help (49)
  • iPhone & iOS Help (633)
  • iPod & MP3 Player Help (173)
  • LinkedIn Help (90)
  • Linux Help (178)
  • Linux Shell Script Programming (90)
  • Mac & MacOS Help (921)
  • Most Popular (16)
  • Outlook & Office 365 Help (35)
  • PayPal Help (68)
  • Pinterest Help (54)
  • Reddit Help (21)
  • SEO & Marketing (82)
  • Spam, Scams & Security (100)
  • Trade Show News & Updates (23)
  • Twitter Help (224)
  • Video Game Tips (66)
  • Web Site Traffic Tips (62)
  • Windows PC Help (964)
  • Wordpress Help (206)
  • Writing and Publishing (72)
  • YouTube Help (47)
  • YouTube Video Reviews (159)
  • Zoom, Skype & Video Chat Help (65)

Archives

Social Connections:

Ask Dave Taylor


Follow Me on Pinterest
Follow me on Twitter
Follow me on LinkedIn
Follow me on Instagram


AskDaveTaylor on Facebook



microsoft insider mvp


This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this site or on any linked site. Further, please note that by submitting a question or comment you're agreeing to our terms of service, which are: you relinquish any subsequent rights of ownership to your material by submitting it on this site. Our lawyer says "Thanks for your cooperation."
© 2023 by Dave Taylor. "Ask Dave Taylor®" is a registered trademark of Intuitive Systems, LLC.
Privacy Policy - Terms and Conditions - Accessibility Policy