X is finally going to allow passkeys - but only for some users

Twitter
Twitter combats hate speech bans racism (Image credit: Shutterstock)

X (previously known as Twitter) will now let its users login with a passkey instead of a password - but only on iOS devices.

X announced its intentions to adopt the passwordless technology a while back, and now it has launched the feature for iPhone users. It allows for a quicker way to login, only requiring users to authenticate with whatever they use to lock their device, such as their fingerprint, FaceID, or PIN. 

They are also thought to be safer, since the underlying cryptographic key is generated by the device and not known to anyone, not even the user. This means they are phishing-resistant, so cybercriminals can't try and coax them out of targets using fake emails and social engineering tactics.

Only for iPhones

Passkeys are the brainchild of the FIDO Alliance, who set the technological standards for them. They use the WebAuthn standard, which is a key component of the FIDO2 specifications. Most of big tech are board level members of the alliance, including Apple, Google, and Microsoft.

The private portion of the passkey is stored on device and never shared with X. 

To setup passkeys on X, login to the X app on iPhone and navigate to "Settings and privacy" under "Your account". Then go to "Security and account access" and then "Security". Tap "Passkey" under "Additional password protection" and follow the instructions. You can also delete a passkey from the same menu at any time. 

Although X isn't making passkeys mandatory, it does strongly encourage users to start using them. Currently, users must have an account with X that is secured with a password first, before they can then setup a passkey, although the company says users should "stay tuned" on this front.

Since iOS devices are the only ones capable of logging into X with a passkey (for now), users will have their passkey synced across their Apple devices thanks to Apple's Keychain password manager, which means that multiple iOS devices can be used to login to X with a passkey.

If a user loses all their devices containing their passkey, then a password can still be used to login to X, or users can recover their passkeys from Apple using the iCloud Keychain Escrow.

MORE FROM TECHRADAR PRO

Lewis Maddison
Staff Writer

Lewis Maddison is a Staff Writer at TechRadar Pro. His area of expertise is online security and protection, which includes tools and software such as password managers. 


His coverage also focuses on the usage habits of technology in both personal and professional settings - particularly its relation to social and cultural issues - and revels in uncovering stories that might not otherwise see the light of day.


He has a BA in Philosophy from the University of London, with a year spent studying abroad in the sunny climes of Malta.