How to Protect Your Twitter Account with Security Keys

Last updated on February 27th, 2023 at 03:34 pm

A blue Yubico Security Key in its packaging on a red keyboard.
A new Yubico Security Key. Image credit: Rebecca Lea Morris

According to a survey I ran, receiving a code via text is the most popular type of two-factor authentication (2FA). Security-conscious Twitter users were therefore probably disappointed to learn that SMS 2FA will only be available to Twitter Blue subscribers from March 20th.

However, non-Twitter Blue subscribers can still protect their accounts with 2FA using an authenticator or a security key. And I’ll let you in on a little secret—security keys are quicker and easier to use than receiving a code via text, while being far more secure.

In this how-to guide, I’ll explain what security keys are and how to use them to protect your Twitter account. I’ll also show you what the login process looks like when security keys are enabled. For those of you who would prefer a video version of this guide, check out the YouTube video I made here:

What are security keys?

Security keys look very much like a thumb drive. And, like a thumb drive, they plug into your devices. Unlike a thumb drive, however, they have a button you tap to verify it’s really you logging into your account and not a fraudster.

Two YubiKeys lay on top of a keyboard
My two brightly-colored security keys. Credit: Rebecca Lea Morris.

The great thing about using security keys for 2FA is you don’t have to mess around with one-time codes at all. Once they’re set up, you just plug one in, tap and go.

They’re also the most secure form of 2FA you can use. Unlike SMS-based 2FA, they’re not vulnerable to SIM-swapping, where criminals steal your phone number to get your 2FA codes. And while SIM-swaps aren’t a problem for authenticators, phishing is. But security keys are resistant to phishing attacks, too.
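
Why a key holds up against phishing where a typed code does not, shown as an added example (not part of the original guide): the browser records which site asked for the login, and the real site rejects a response made for any other. The function names and the lookalike domain twitter-login.example are constructed for illustration, and the signature check a real server also performs is left out.

```python
import base64
import hashlib
import json

RP_ID = "twitter.com"                    # ID the key was registered under
EXPECTED_ORIGIN = "https://twitter.com"  # origin the real site expects

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def browser_client_data(origin: str, challenge: bytes) -> bytes:
    """clientDataJSON: the browser, not the web page, fills in the origin."""
    return json.dumps({"type": "webauthn.get",
                       "challenge": b64url(challenge),
                       "origin": origin}).encode()

def authenticator_data(rp_id: str, counter: int) -> bytes:
    """rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes)."""
    flags = 0x01  # user present: the button on the key was tapped
    return (hashlib.sha256(rp_id.encode()).digest()
            + bytes([flags]) + counter.to_bytes(4, "big"))

def check_assertion(client_data: bytes, auth_data: bytes, challenge: bytes) -> str:
    # Site-binding checks only. A real server also verifies the key's signature
    # over auth_data || SHA-256(client_data), so these fields cannot be edited.
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return "reject: wrong type"
    if cd.get("challenge") != b64url(challenge):
        return "reject: challenge mismatch"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return "reject: origin mismatch"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "reject: rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return "reject: user not present"
    return "accept"

def demo() -> dict:
    challenge = bytes(range(16))         # constructed; a server uses random bytes
    lookalike = "twitter-login.example"  # constructed phishing domain
    real = check_assertion(browser_client_data(EXPECTED_ORIGIN, challenge),
                           authenticator_data(RP_ID, 7), challenge)
    phish = check_assertion(browser_client_data("https://" + lookalike, challenge),
                            authenticator_data(lookalike, 7), challenge)
    return {"real site": real, "phishing page": phish}

if __name__ == "__main__":
    print(demo())
```

A one-time code has no equivalent of the origin field: the same six digits are valid whichever site they were typed into.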

How do I set up 2FA with a security key on my Twitter account?

Protecting your Twitter account with a security key is incredibly easy, though you need to have at least one, and preferably two, keys to get started. Having more than one key added to your account means you have a backup so you won’t get locked out if you lose one.

If you’re looking for security keys, you can find them over at Yubico and Google. The ones I’m using in this guide are both the YubiKey 5C NFC. However, the YubiKey Security Keys and Google security keys are cheaper, starting at $25 and $30, respectively.

The keys you buy to protect your Twitter account can also secure your Gmail, Facebook and Dropbox accounts, along with many others. You can see which accounts are compatible with YubiKeys by using Yubico’s tool here.

Once you have your keys, setting them up with your Twitter account will take just a few minutes. Here’s how you do it step by step.

Step 1: Go to the 2FA settings in your Twitter account

To do this, first select “More,” then click on “Settings and Support,” followed by “Settings and Privacy.”

Home
Explore
Notifications
Messages
Bookmarks
Twitter Blue
Profile
More (select this one)

After clicking "More", the following options appear:
Creator studio
Professional tools
Settings and support (select this one)
Settings and privacy (then select this one)

Next, you’ll want to select “Security and account access,” then “Security.”

Your account
Monetization
Twitter Blue
Security and account access (select this one)
Privacy and safety
Notifications
Accessibility, display and languages
Additional resources

When "Security and account access" is selected, the following options appear:
Security (select this one)
Apps and sessions
Connected accounts

Finally, click on “Two-factor authentication.”

The following options are displayed in the security menu:
Two-factor authentication (select this one)
Additional password protection

Step 2: Select “security key” and follow Twitter’s prompts 

In the 2FA settings, look for “Security key” and click on the box next to it to get started.

Two-factor authentication.
Text message
Authentication app
Security key (select this one)

Twitter will tell you you’ll need to sync your security key and give it a name in order to use it to protect your account. Hit the “get started” button.

Protect your account in just two steps.
1. Sync your key.
2. Name your key
Get started (select this one)

Next, you’ll need to insert the security key into your device. Then, click “add key” to continue.

Add the security key to your Twitter account.
Add key (select this one)

A dialogue will then pop up, asking you whether you would like to use your security key or something else to create a passkey for Twitter. Select “USB security key.”

Create a passkey
Choose how you want to create a passkey for twitter.com
USB security key (select this one)
A different device

Twitter will then prompt you to touch the button on your security key, so go ahead and tap it to add it to your account.

A YubiKey plugged in to the USB port on a red laptop
Tap the button on the security key! Credit: Rebecca Lea Morris

Next, you’ll be asked to name your key. Give it a nice descriptive name so that if you need to remove it from your account later, e.g. because you lost it, you don’t accidentally delete the wrong key!

Step 3: Save your single-use backup code

Once you’ve successfully set up your security key, Twitter will tell you that “You’re all set,” but don’t click that “Done” button just yet! First, save the backup code on that screen somewhere safe, as you’ll need to use it to log in if you lose all of your security keys.

You're all set
Now you can use your security key any time you log in to Twitter.
Save this single-use backup code in a safe place.
k8r2ze379qwv
This backup code lets you log in to Twitter if you don't have access to any of your two-factor authentication methods.

Remember the code is only good for one login, so if you lose your security keys, log in with the code and turn off two-factor authentication. You can then set it up again from scratch, either with new security keys or with an authenticator.

Step 4: Add a second key to your account as a backup

Once you’ve added your first key, select “Manage security keys” and you’ll find the option to “add another key.” Click it and Twitter will walk you through the process again with your second key.

Two-factor authentication
Text message
Authentication app
Security key
Manage security keys (select this one)

Manage security keys
You can rename or delete your security keys
Add another key (select this one)

How do I log in with a security key?

Logging in with a security key is super easy. 

Step 1: Enter your username and password as usual

Enter your password
Username
2fatestaccount
Password

Step 2: Select USB security key from the dialogue

Use your passkey
Choose which device has the passkey for twitter.com
USB security key (select this one)
A different device

Step 3: Tap the button on your security key

Use your security key with twitter.com
Insert your security key and touch it
Try another way
Cancel

That’s it!

The takeaway

Security keys are the most secure method of 2FA. They’re also, in my opinion, the most convenient to use. Just plug them in, tap and go! 
