X, formerly Twitter, today announced support for passkeys, a new login method that is more secure than traditional passwords, which will become an option for U.S. users on iOS devices. The technology has been adopted by a number of apps as of late, including PayPal, TikTok, WhatsApp, and others.
Today we’re excited to launch Passkeys as a login option for our US-based users on iOS!
A passkey is a new, easy to use, and secure way to log in to your account – all from your device. Passkeys are more secure than traditional passwords since they’re individually generated by…
— Safety (@Safety) January 23, 2024
Initiated by Google, Apple, Microsoft, and the FIDO Alliance, alongside the World Wide Web Consortium, passkey technology aims to make passwordless logins available across different devices, operating systems, and web browsers. The feature arrived on iOS devices in September 2022 and on Google accounts last May. Unlike logins that rely only on a username and password combination, passkeys use biometric authentication like Face ID or Touch ID, a PIN, or a physical security key to validate login attempts. This process combines the benefits of two-factor authentication (2FA) into a single step, making the login process more seamless while also being more secure.
The addition is a particularly useful one for X, given the high-profile hacks that have seen accounts on the service compromised by bad actors. For instance, this January, the U.S. Securities and Exchange Commission’s X account was hacked to share an unauthorized post regarding Bitcoin ETF approval. Other notable hacks have included Donald Trump Jr.’s X account, which was used to post a fake message saying that Donald Trump had passed away, as well as a widespread 2020 crypto scam that saw large accounts compromised, including Apple’s, President Biden’s, and even X owner Elon Musk’s account, among others. In that case, the accounts were used to post a message promoting the address of a Bitcoin wallet with the promise of doubling payments in return. (This hack was prior to Musk’s acquisition of Twitter, now called X.)
In the days since Musk’s takeover of Twitter/X, the company removed another security measure that helped keep accounts secure when it announced last year that it would no longer support SMS 2FA for non-paying accounts. Twitter (it was Twitter then, not X!) justified the change, likely a cost-cutting measure, by saying the method could be abused by bad actors, such as in the case of SIM swaps. In reality, however, removing the security protection made Twitter less secure.
X shared instructions on how to get started with passkeys on iOS, but the company didn’t say when the option would be available on other platforms or in markets beyond the U.S.