X (formerly known as Twitter) now lets its users log in with a password instead of a password, but only on iOS devices.
X announced its intention to adopt passwordless technology a while ago, and it has now done so launched the feature for iPhone users. It enables a faster way to log in, where users only need to authenticate with whatever they use to lock their device, such as their fingerprint, FaceID or PIN.
They are also thought to be more secure because the underlying cryptographic key is generated by the device and is not known to anyone, not even the user. This means they are phishing-resistant, so cybercriminals can’t try to lure them out of their targets using fake emails and social engineering tactics.
Only for iPhones
Passwords are the brainchild of the FIDO Alliance, which set the technological standards for them. They use the WebAuthn standard, an important part of the FIDO2 specifications. Most major tech companies are board-level members of the alliance, including Apple, Google and Microsoft.
The private part of the passkey is stored on the device and never shared with X.
To set passcodes on X, log into the X app on iPhone and navigate to “Settings & Privacy” under “Your Account.” Then go to “Security and account access” and then to “Security”. Tap “Passkey” under “Additional Password Protection” and follow the instructions. You can also remove a password from the same menu at any time.
Although X does not require passkeys, it strongly encourages users to start using them. Currently, users must first have a password-protected account with X before they can then set a password, although the company says users should “stay tuned” on this front.
Since iOS devices are the only ones that can (for now) use a password to log into X with a password.
If a user loses all their devices with their passkey, a password can still be used to log into X, or users can recover their passkeys from Apple using the iCloud Keychain Restore.