X has implemented a security enhancement for iOS users in the United States, enabling them to log in using passkeys. These passkeys, associated with the specific iOS device, offer increased protection against phishing attacks and unauthorized access attempts. The new feature aims to minimize the risk of breaches by eliminating the reliance on traditional passwords, providing users with a more secure and convenient login experience. Passkeys are constructed using public key cryptography from the WebAuthentication standard, ensuring maximum security as the private key remains on the user’s device, and the passkey is never shared with X.
To add a passkey, users need to log into their accounts, navigate to “Settings and privacy,” select “Security and Account Access,” and then choose “Passkey” under “Additional password protection.” Passkeys sync across iOS devices using iCloud Keychain, ensuring redundancy in case of device loss. This synchronization also allows users to recover passkeys through iCloud Keychain escrow if all devices are lost. While X encourages all iOS users in the U.S. to adopt passkeys for enhanced security, they are currently not mandatory for logging in, providing users with the flexibility to choose this added layer of protection.
The passkey implementation follows a series of high-profile account hijackings on X since the beginning of the year. Notable accounts, including the U.S. Securities and Exchange Commission, cybersecurity firm Mandiant and CertiK, as well as companies like Netgear and Hyundai, have been targeted for crypto-draining schemes. With the introduction of passkeys, X aims to bolster security measures and protect users from unauthorized access, emphasizing the importance of this new feature in the face of evolving cybersecurity threats.
This security update aligns with the broader industry trend of enhancing authentication methods, moving away from traditional passwords, and adopting more secure alternatives. The use of passkeys, based on public key cryptography, reflects a commitment to providing users with robust protection against the growing sophistication of cyber threats.
Reference:
