X, formerly known as Twitter, today announced support for passkeys, a new and more secure login method than traditional passwords, which will become an option for U.S. users on iOS devices. The technology has been adopted by a number of apps as of late, including PayPal, TikTok, WhatsApp, and others, TechCrunch reported.
Initiated by Google, Apple, Microsoft, and the FIDO Alliance, alongside the World Wide Web Consortium, passkey technology aims to make password less logins available across different devices, operating systems, and web browsers. The feature arrived on iOS devices in September 2022, and Google accounts last May, according to TechCrunch.
Unlike logins which rely on a username and password combination, passkeys use a biometric authentication like Face ID or Touch ID, a PIN or a physical security authentication key to validate login attempts. This process combines the benefits of two-factor authentication (2FA) into a single step, to make the login process more seamless while also being more secure.
X, formerly Twitter, posted information about How to use passkeys:
Passkey is a feature that allows a secure and convenient alternative to passwords, designed to streamline sign-ins across multiple devices. Passkeys provide enhanced security compared to traditional passwords since they are individually generated by your device for each account, making them less susceptible to phishing attacks and unauthorized access.
Passkey is currently only available to use when logging in on iOS.
Why should I use a passkey?
We encourage users to enroll in passkey for the following benefits:
* Seamless log in experience: Passkeys make signing easy and convenient. Once you are set up, you can use your passkey to log in to your account across different devices without having to remember or reset a forgotten password.
* Advanced security: Passkeys provide a stronger level of security for your account. Since they are uniquely generated by your device, they are less vulnerable to security threats as fraudulent, deceptive, or unauthorized attacks.
How does passkey work?
Passkeys are constructed using public key cryptography from the WebAuthentication (or “WebAuthn”) standard. When you register an account, your device generates a unique key pair – one public and one private — for each account. The public key is shared and stored on X, while the private key remains on your device. Your passkey is never shared with X to ensure maximum security, and further reducing the likelihood of unauthorized account access.
Is a passkey mandatory for login?
Passkeys are highly encouraged to enhance your account’s security, but it is not required for login.
Engadget reported that X says it won’t require users to sign up for passkeys, but it’s not a bad idea to do so if you find other multi-factor authentication methods (such as inputting a code from an authenticator app cumbersome). Passkeys also effectively nullify X’s SMS-based two-factor authentication method, which the company has paywalled behind X Premium.
In my opinion, it might not be a bad idea to consider whether or not you want to use a passkey on your X account(s). Personally, Im not sure what I think about it.