“iOS Support Update: Passkeys Now Available on X, Replacing SMS 2FA”

X, formerly Twitter, today announced support for passkeys, a new and more secure login method than traditional passwords, which will become an option for U.S. users on iOS devices. Today we’re excited to launch Passkeys as a login option for our US-based users on iOS! For instance, this January, the U.S. Securities and Exchange’s X account was hacked to share an unauthorized post regarding Bitcoin ETF approval. In the days since Musk’s takeover of Twitter/X, the company removed another security measure that helped keep accounts secure when it announced last year that it would no longer support SMS 2FA for non-paying accounts. However, the reality was that removing the security protection made Twitter less secure, as a result.

X, formerly known as Twitter, announced today the launch of passkeys, a secure and modern way to log in, as an added option for its U.S. users on iOS devices. This technology has been gaining popularity among various apps, including top names like PayPal, TikTok, and WhatsApp.

Passkeys is a convenient and highly secure method of logging in to your account, right from your device. This change comes after strong support from corporate giants such as Google, Apple, and Microsoft, alongside organizations like the FIDO Alliance and World Wide Web Consortium. The feature was previously introduced on iOS devices in September 2022 and on Google accounts in May of last year. Unlike traditional logins that rely solely on a combination of username and password, passkeys offer a more robust authentication process, utilizing biometric options like Face ID or Touch ID, a personal identification number, or even a physical security key.

This multi-factor authentication approach combines the benefits of two-step verification, making the login process both smooth and highly secure.

The addition of passkeys is a crucial step for X, especially considering the alarming incidents of account hacking we have seen in recent times. For instance, in January 2024, the X account of the U.S. Securities and Exchange Commission fell victim to hacking, leading to an unauthorized post about Bitcoin ETF approval. Other high-profile accounts that have faced security breaches include those of Donald Trump Jr., who was falsely declared deceased on X, and Apple, President Biden, and even X’s owner, Elon Musk, during a widespread crypto scam in 2020. The hacked accounts were used to promote a fake Bitcoin wallet that promised to double investments. (Note that this occurred before Musk’s acquisition of Twitter, which was then known as X).

Since the takeover, X has also removed another security feature that helped safeguard its users. Last year, the company announced that it would no longer support SMS 2FA for non-paying accounts. While the reason given was the potential risk of the method being exploited by malicious actors, the move ultimately made X less secure.

X has provided instructions on how to get started with passkeys on iOS, but no specific timeline has been shared for its availability on other platforms or in other markets beyond the U.S.