
Twitter brings in WebAuthn two-factor authentication to help protect accounts

Twitter has supported 2FA (two-factor authentication) for many years but is now looking to up its game. Thanks to added support for the WebAuthn standard, there’s now no need to use your mobile phone number as a way of proving your identity.

That’s good news: although generally more secure than relying on just a password, this particular method of 2FA was vulnerable to SIM-swapping attacks by a determined hacker.


As Twitter points out in the blog post announcing the change, it’s actually supported security keys for over a year, but it still required you to link your phone number as a backup. It also relied on the FIDO U2F standard, which the company concedes is only supported by a handful of browsers and authenticators. 

WebAuthn, on the other hand, looks set to be far more widely supported. As Twitter writes: “The WebAuthn API allows for strong browser-to-hardware-based authentication using devices such as security keys, mobile phones (NFC, BLE), and other built-in authenticators such as TouchId.

“Given its relative benefits, WebAuthn is supported by most modern browsers including Chrome, Edge, Firefox and enjoys better coverage when compared to the former U2F standard.”


For the moment, Twitter says it only supports physical security key authenticators with WebAuthn, but the company says that it “expect[s] to add support for other options in the future.” If you have a supported authenticator already, you can register it by heading to your account page, clicking through to “Security” and then “Two-factor authentication”. 

Not being vulnerable to SIM-swap attacks is only one reason security-conscious people may be relieved by the shift away from phone numbers. Having your phone number attached to an online account isn’t great for privacy – especially when Twitter has already admitted to tying said numbers to advertising for a time by mistake.
