Elon Musk has removed the need to use a password with his social media service X, formerly known as Twitter. X has been experimenting with so-called passkeys, which have long been hailed as the harbinger of doom for traditional passwords, since the start of the year.
But it wasn't until this week that Elon Musk and his team of engineers switched-on the feature for millions of users globally. The launch was confirmed in a post by the @Safety account on the platform, writing: "Passkeys is now available as a login option for everyone globally on iOS!"
Update: Passkeys is now available as a login option for everyone globally on iOS! Try it out.https://t.co/v1LyN0l8wF
— Safety (@Safety) April 8, 2024
X says the switch from passwords to passkeys is "designed to streamline sign-ins across multiple devices". In a blog post, the popular social network, which was acquired by SpaceX co-founder Elon Musk back in October 2022, adds that passkeys "provide enhanced security compared to traditional passwords since they are individually generated by your device for each account, making them less susceptible to phishing attacks and unauthorized access."
But what is a passkey? And how do you get started with this new password-less login?
Passkeys were developed by the FIDO Alliance, an industry body with the stated aim of helping to "reduce the world’s over-reliance on passwords" with the likes of Apple, Google and Microsoft amongst its members. First promoted as an alternative to passwords back in mid-2022, the clever system relies on the same biometrics that allow you login to your iPhone, iPad, Windows PCs, Samsung phones and tablets, Android phones, and dozens more, without typing out a password or PIN.
Using the facial or fingerprint recognition built into your device, the operating system will then vouch for you to the app or website that you're trying to access — completely bypassing the need for a password.
If you're the sort of person who regularly finds themselves tapping the "Forgot Password?" prompt when trying to login to a website or app, passkeys could then perfect solution as there's nothing to remember. Since every account gets its own bespoke passkey, even if one of these services is hacked (as we've seen happen sooftenlately) there's no risk to your other accounts.
This removes one of the biggest threats to online security: when users rely on the same email address and password combination for multiple online accounts. It only takes one of these websites to be breached for some of the most important online services that you rely upon, including online banking, email, and shopping sites with saved card details, to fall like dominoes. This common hack is known as credential stuffing, and it's one of the reasons that fraudsters will spend money on leaked logins on the Dark Web.
Social engineering, which sees hackers correctly break into your profile by knowing real details about your life — mother's maiden name, the street you grew up on, first pet, and the like — to pass the account recovery steps, isn't possible with passkeys either.
If you find yourself on a website or app that supports passkeys — like X on iPhone — you'll be able to create an account that forgoes an old-fashioned password. During the process, you'll be asked to confirm your authenticator.
This is the service that will verify your identity. It can be a smartphone with biometrics, like Face ID or Touch ID on the iPhone, another mobile device, a laptop or desktop PC with Windows Hello, or a password manager. A number of the most popular password managers already support passkeys and will verify your identity and then autofill any login details on the website or app.
NordPass, a popular password manager, has been updated to store encrypted passkey and synchronise these secure logins across all of your devices
NORDPASS PRESS OFFICE
iPhone, Android, Windows 10, and Windows 11 have all been updated to support passkeys.
Most often, these unique codes will be encrypted and stored online, using a service like iCloud or Google Password Manager, so you can authenticate your login from multiple devices. It also has the benefit of ensuring that all of your login details will be waiting for you if you upgrade to a new phone, laptop, or tablet in the future.
Password managers like 1Password, LastPass, or NordPass will keep your passkey safely stored across devices. These services offer apps dozens of the most popular devices, from smartphones to web browsers, so you'll always be able to login with a tap.
Some of these apps will rely on a single master password to secure your vault of login credentials, while others support fingerprint scanners and facial recognition.
Chrome, Edge, Safari and Firefox have all been updated to support passkeys. Just ensure you're running Chrome version 79 or higher, version 13 or newer for Safari, and Firefox version 60 or more recent.
LATEST DEVELOPMENTS
If you're ready to change the way you login to X from a password to a passkey, there are a few steps to follow:
