PSA: Re-register your hardware 2FA key for X before Nov. 10 to avoid getting locked out

Social network X announced over the weekend that it will retire its twitter.com URL for authentication. This means users who use a hardware security key, like a YubiKey, for two-factor authentication must re-enroll their keys before November 10.

The company’s safety account stated that all accounts using a security key as their two-factor authentication method need to re-enroll their key to continue accessing X. You can re-enroll your existing security key or register a new one.

Two days later, the company explained this step is necessary because it wants to retire its old twitter.com domain. The domain change is not expected to impact other two-factor authentication methods like Google Authenticator, Microsoft Authenticator, or Authy.

To clarify, this change is not related to any security concern and only impacts physical security keys and passkeys. Security keys enrolled as a two-factor authentication method are currently tied to the twitter.com domain. Re-enrolling your security key will associate it with x.com, allowing the company to retire the Twitter domain.

Christopher Stanley, a security engineer at X, xAI, and SpaceX, said this move is to ensure domain trust. He stated that getting off of Twitter-enrolled keys will stop the need for workarounds related to domain trust. Physical security keys are cryptographically registered to Twitter’s domain and need to be re-enrolled under X.
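The domain binding described above, sketched as an added example (not X's code and not part of the original article): in WebAuthn, the authenticator data begins with the SHA-256 hash of the relying party ID, so a credential enrolled under twitter.com cannot satisfy a check for x.com. It assumes the standard 37-byte authenticator data header; the sample data is constructed, the function names are hypothetical, and the origin rule is simplified (no public suffix list handling).

```python
import hashlib
import hmac
import struct
from urllib.parse import urlsplit

FLAG_USER_PRESENT = 0x01  # bit 0 of the WebAuthn flags byte


def make_authenticator_data(rp_id, flags=FLAG_USER_PRESENT, sign_count=1):
    """Constructed sample: rpIdHash (32) || flags (1) || signCount (4, big-endian)."""
    return hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, sign_count)


def parse_authenticator_data(data):
    """Split the fixed 37-byte header; reject truncated input."""
    if len(data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    flags, sign_count = struct.unpack(">BI", data[32:37])
    return {"rp_id_hash": data[:32], "flags": flags, "sign_count": sign_count}


def rp_id_allowed_for_origin(rp_id, origin):
    """Simplified browser-side rule: the RP ID must equal the HTTPS origin's
    host or be a parent domain of it (assumption: no public suffix check)."""
    parts = urlsplit(origin)
    host = (parts.hostname or "").lower()
    rp_id = rp_id.lower()
    return parts.scheme == "https" and (host == rp_id or host.endswith("." + rp_id))


def verify_rp_binding(data, expected_rp_id):
    """Server-side check: hash must match the expected RP ID and the
    user-present flag must be set."""
    parsed = parse_authenticator_data(data)
    expected = hashlib.sha256(expected_rp_id.encode()).digest()
    same_rp = hmac.compare_digest(parsed["rp_id_hash"], expected)
    return same_rp and bool(parsed["flags"] & FLAG_USER_PRESENT)


if __name__ == "__main__":
    old_key = make_authenticator_data("twitter.com")  # enrolled before the change
    new_key = make_authenticator_data("x.com")        # re-enrolled key
    for label, data in (("twitter.com key", old_key), ("x.com key", new_key)):
        print(label, "accepted for x.com:", verify_rp_binding(data, "x.com"))
    print("x.com page may claim twitter.com:",
          rp_id_allowed_for_origin("twitter.com", "https://x.com"))
```
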

If you use a hardware key to secure your account, you should go to Settings, then Security and account access, then Two-factor authentication, and finally Manage security keys to complete the re-enrollment.

It is not clear if X plans to retire the twitter.com domain for all activities or if this is solely a security measure. The company has been asked for clarification.