Social network X has announced it will retire its twitter.com URL for authentication. This change means users who have enabled two-factor authentication using a hardware security key, such as a YubiKey, must re-enroll their keys before November 10 to maintain account access.
The company’s safety account stated that all accounts using a security key for two-factor authentication are required to re-enroll their existing key or enroll a new one. This step is necessary because the company is moving to retire its old twitter.com domain.
The domain change is not expected to impact other two-factor authentication methods like Google Authenticator, Microsoft Authenticator, or Authy. The company clarified that this change is not related to any security concern and only affects physical security keys and passkeys. Security keys currently tied to the twitter.com domain need to be re-associated with the x.com domain to allow for the retirement of the Twitter domain.
Christopher Stanley, a security engineer at X, xAI, and SpaceX, explained that the move is to ensure domain trust. He stated that physical security keys are cryptographically registered to Twitter’s domain and must be re-enrolled under X to stop using workarounds for domain trust.
Users who employ a hardware key to secure their account should go to their Settings, then Security and account access, followed by Two-factor authentication, and finally Manage security keys to complete the re-enrollment.
It remains unclear if X plans to retire the twitter.com domain for all activities or if this is solely a security measure. The company has been asked for clarification.