X, formerly Twitter, today was announced support for passwords, a new and more secure login method than traditional passwords, which will become an option for US users on iOS devices. The technology has recently been adopted by many apps, including PayPal, TikTok, WhatsApp and others.
Initiated by Google, Apple, Microsoft and the FIDO Alliance, alongside the World Wide Web Consortium, password technology aims to make password-free logins available across different devices, operating systems and web browsers. The feature arrived on iOS devices in September 2022 and Google Accounts last May. Unlike logins that rely only on a username and password combination, Access Keys use biometric authentication such as Face ID or Touch ID, a PIN, or a physical security authentication key to validate login attempts. This process combines the benefits of two-factor authentication (2FA) into a single step to make the login process more seamless while also being more secure.
The addition is particularly useful for X given high-profile hacks that have seen accounts on the service compromised by bad actors. For example, this January, the US Securities and Exchange’s X account was hacked to share an unauthorized post about the approval of the Bitcoin ETF. Other notable hacks include Donald Trump Jr.’s X account, which was used to post a fake message saying Donald Trump had died, and a widespread crypto scam in 2020 that led to the breach of major accounts, including Apple accounts, President Biden. and even X owner Elon Musk’s account, among others. In that case, the accounts were used to publish a message promoting a Bitcoin wallet address with the promise of doubling payments in return. (This hack was before Musk bought Twitter, now called X).
In the days following Musk’s acquisition of Twitter/X, the company removed another security measure that helped keep accounts safe when it announced last year that it would no longer support SMS 2FA for non-paying accounts. Twitter (then it was Twitter, not X!) justified the change, likely a cost-cutting measure saying The method could be abused by bad actors, as in the case of SIM swapping. However, the reality was that removing security protection made Twitter less secure as a result.
X shared instructions on how to get started with iOS passwords but the company didn’t say when the option would be available on other platforms or in more markets outside the US