After the SEC’s X account was hacked, the company quickly implemented passkey support for improved account security.
Passkeys are a relatively new standard implemented by Apple, Google, and Microsoft in partnership with the FIDO Alliance and the W3C. The system pairs a cryptographic key with a device secured via biometrics or a passcode.
On Tuesday, X joined the increasing number of apps that support passkeys. Apple added the ability to support passkeys in iOS 16, but the rollout has been slow.
Setting up a passkey for X is only possible via the iOS app. It is unavailable on Android or the web, but once set up, it can authenticate X logins as long as iCloud Passwords are in use.
To set up a passkey on X:
- Be logged into X and tap your icon in the top left corner
- Open “Settings and Privacy”
- Tap “Security and account access” then “Security”
- Under “Additional password protection” tap “Passkey”
- Enter your password when prompted, then select “Add a passkey”
- Follow the prompts, and a passkey is created
The passkey is saved to your Apple iCloud Passwords and will sync automatically as long as iCloud password sync is enabled. Passkeys require user authentication on the device, such as via Face ID, after which the device uses the passkey's private key to authenticate to the service.
Passkeys replace the need for having unique passwords since the user’s device acts as the authenticating factor. SIM swap attacks, like the one that compromised the SEC account on X, won’t be possible if passkeys are enabled, since access to a spoofed phone number won’t be enough for account access.
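To illustrate why a hijacked phone number is not enough, here is a simplified model of a passkey sign-in, added as an example and not code from X, Apple or the original story. It assumes Node.js, the origin and function names are hypothetical, and real WebAuthn signs authenticator data plus a hash of the client data rather than the JSON alone.

```javascript
// Added example: simplified passkey-style sign-in, simulated in Node.js.
// All names and the origin are hypothetical, not X's or Apple's API.
const crypto = require('node:crypto');

const RP_ORIGIN = 'https://service.example'; // constructed relying-party origin

// Registration: the device creates a key pair; only the public key goes to the service.
function register() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, server: { publicKey } };
}

// Service side: a fresh random challenge for every sign-in attempt.
function newChallenge() {
  return crypto.randomBytes(32).toString('hex');
}

// Device side: runs only after local user verification (Face ID, passcode).
// Signs the challenge together with the origin the device actually sees.
function signIn(device, challenge, origin, userVerified) {
  if (!userVerified) throw new Error('user verification failed');
  const clientData = JSON.stringify({ type: 'webauthn.get', challenge, origin });
  const signature = crypto.sign('sha256', Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Service side: checks challenge, origin and signature against the stored public key.
function verify(server, expectedChallenge, assertion) {
  let data;
  try { data = JSON.parse(assertion.clientData); } catch { return false; }
  if (data.type !== 'webauthn.get') return false;
  if (data.challenge !== expectedChallenge) return false; // stale or replayed assertion
  if (data.origin !== RP_ORIGIN) return false;            // signed for a different site
  return crypto.verify('sha256', Buffer.from(assertion.clientData), server.publicKey, assertion.signature);
}

// Constructed scenarios: only the registered device, on the real origin, is accepted.
function demo() {
  const { device, server } = register();
  const other = register().device; // a device without the registered key, e.g. after a SIM swap
  const c = newChallenge();
  return {
    legitimate: verify(server, c, signIn(device, c, RP_ORIGIN, true)),
    wrongKey: verify(server, c, signIn(other, c, RP_ORIGIN, true)),
    replay: verify(server, newChallenge(), signIn(device, c, RP_ORIGIN, true)),
    wrongOrigin: verify(server, c, signIn(device, c, 'https://service.example.evil.test', true)),
  };
}
```

The service never holds a secret that can be redirected to another phone: it stores only the public key, so control of the phone number alone yields no valid signature.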
Users worried about inadvertent account access if their iPhone is stolen can activate Stolen Device Protection, which locks iCloud Passwords behind a biometric authentication without passcode fallback. Passkeys stored in iCloud Passwords protected by Stolen Device Protection make targeted attacks much more difficult.
This story originally appeared on AppleInsider.