Twitter currently requires everyone to choose another two-factor authentication (2FA) method in the form of either a text message or an authentication app in addition to a physical security key. 2FA serves as a backup security method.
However, that's changing soon. Twitter announced today that it will allow you to use security keys as the only authentication method in the future. This means you won't have to turn on 2FA before you can sign in via a security key.
Secure your account (and that alt) with multiple security keys. Now you can enroll and log in with more than one physical key on both mobile and web.— Twitter Support (@TwitterSupport) March 15, 2021
And coming soon: the option to add and use security keys as your only authentication method, without any other methods turned on.
The micro-blogging site added support for third-party 2FA applications such as Google Authenticator, Microsoft Authenticator, Duo Mobile, and Authy in 2017. That made it easier to log in to your account without having to check for a text message sent to your number, which could lead to login failures when you didn't have that number with you, for example.
That said, the addition of security keys late last year introduced an extra layer of protection for your accounts and made it more seamless to sign in on mobile and desktop since you didn't have to enter a code. You only have to connect a physical security key to your computer using USB or via Bluetooth.
In addition, Twitter will let you use multiple security keys to secure and log in to your account on both mobile and desktop. Prior to this change, you could only protect your account with one security key.