January 23, 2024 at 03:25PM
X, formerly Twitter, introduces passkeys for iOS users in the U.S., providing enhanced security against breaches and phishing attacks. Passkeys, utilizing public key cryptography, offer protection linked to the device and eliminate the need for complex passwords. While recommended, they are not mandatory; the rollout follows recent account hijacking incidents.
Key Takeaways from the Meeting Notes:
– X (formerly Twitter) announced that iOS users in the United States can now log into their accounts using passkeys.
– Passkeys will be linked to the iOS device they’re generated on and will significantly reduce the risk of breaches by providing protection against phishing attacks and unauthorized access attempts.
– They will also enhance user experience and security by eliminating the need to remember complex passwords.
– Passkeys serve as an online credential associated with your account; the account is authenticated automatically against the public key held by the server.
– Passkeys sync across iOS devices using iCloud Keychain, ensuring redundancy if a device is lost. They can also be recovered through iCloud Keychain escrow if all devices are lost.
– To add a passkey, users need to log into their account, navigate to “Settings and privacy” > “Security and Account Access” and then select “Passkey” under “Additional password protection.”
– Once set up, users can log in without entering their password or using two-factor authentication (2FA).
– Passkeys are constructed using public key cryptography from the Web Authentication (or ‘WebAuthn’) standard, with the public key shared and stored on X while the private key remains on the user’s device. This ensures maximum security and reduces the likelihood of unauthorized account access.
– While X encourages all iOS users in the United States to use passkeys for account security, they are not yet required for logging in.
– This announcement follows the hijacking of high-profile X accounts to push crypto drainers, including those of the U.S. Securities and Exchange Commission, cybersecurity firm Mandiant and CertiK, and companies like Netgear and Hyundai.