Secure Your X Account: Re-Register 2FA Key by Nov 10

If you use a physical security key like a YubiKey to protect your X account, you need to take action before November 10. The platform is phasing out the twitter.com domain for authentication, which requires users to re-register their hardware security keys under the new x.com domain to maintain two-factor protection.

X’s safety team announced last Friday that all accounts relying on a security key for two-factor authentication must re-enroll their keys by the deadline. You can either re-enroll your current key or add a new one. A follow-up post clarified that this step is necessary because the company is retiring the old twitter.com domain. Importantly, the change does not affect other 2FA methods, such as authenticator apps from Google, Microsoft, or Authy.

According to the company, the update is not linked to any security incident. Instead, it reflects a technical shift tied to the domain migration. Security keys currently registered to twitter.com must be reassociated with x.com so the legacy domain can be fully retired.

Christopher Stanley, a security engineer at X, xAI, and SpaceX, explained that the move addresses domain trust issues. He noted that physical security keys are cryptographically bound to Twitter’s domain, and re-enrolling them under X eliminates the need for workarounds related to domain trust.

To update your security key, navigate to Settings, select Security and account access, go to Two-factor authentication, and choose Manage security keys. It remains unclear whether X intends to retire the twitter.com domain for all functions or if this is purely a security-related adjustment. The company has been asked for additional details, and this information will be updated when a response is received.

(Source: TechCrunch)