X is finally going to allow passkeys - but only for some users

Twitter
Twitter combats hate speech bans racism (Image credit: Shutterstock)

X (previously known as Twitter) will now let its users login with a passkey instead of a password - but only on iOS devices.

X announced its intentions to adopt the passwordless technology a while back, and now it has launched the feature for iPhone users. It allows for a quicker way to login, only requiring users to authenticate with whatever they use to lock their device, such as their fingerprint, FaceID, or PIN. 

They are also thought to be safer, since the underlying cryptographic key is generated by the device and not known to anyone, not even the user. This means they are phishing-resistant, so cybercriminals can't try and coax them out of targets using fake emails and social engineering tactics.

Only for iPhones

Passkeys are the brainchild of the FIDO Alliance, who set the technological standards for them. They use the WebAuthn standard, which is a key component of the FIDO2 specifications. Most of big tech are board level members of the alliance, including Apple, Google, and Microsoft.

The private portion of the passkey is stored on device and never shared with X. 

To setup passkeys on X, login to the X app on iPhone and navigate to "Settings and privacy" under "Your account". Then go to "Security and account access" and then "Security". Tap "Passkey" under "Additional password protection" and follow the instructions. You can also delete a passkey from the same menu at any time. 

Although X isn't making passkeys mandatory, it does strongly encourage users to start using them. Currently, users must have an account with X that is secured with a password first, before they can then setup a passkey, although the company says users should "stay tuned" on this front.

Since iOS devices are the only ones capable of logging into X with a passkey (for now), users will have their passkey synced across their Apple devices thanks to Apple's Keychain password manager, which means that multiple iOS devices can be used to login to X with a passkey.

If a user loses all their devices containing their passkey, then a password can still be used to login to X, or users can recover their passkeys from Apple using the iCloud Keychain Escrow.

MORE FROM TECHRADAR PRO

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.