Social Network X announced over the weekend that it plans to discontinue the twitter.com URL for authentication. This means users who have enabled two-factor authentication using a hardware key such as a YubiKey will need to re-enroll their key by November 10th.
“By November 10th, we are asking all accounts using security keys as a two-factor authentication (2FA) method to re-register their keys to continue accessing X. You can re-register your existing security key or register a new security key,” the social network’s Safety Account posted last Friday.
Two days later, the company explained that this was necessary because it wanted to retire the old twitter.com domain. The domain change is not expected to impact other 2FA authentication systems such as Google Authenticator, Microsoft Authenticator, or Authy.
“To be clear, this change is not related to any security concerns and only affects Yubikey and Passkey, not other 2FA methods (such as authenticator apps). Security keys registered as 2FA methods are currently associated with the twitter(.)com domain. Reregistering the security key will associate the security key with x(.)com, allowing you to retire the Twitter domain,” the account says.
Christopher Stanley, a security engineer at X, xAI and SpaceX, said the move was to ensure the authenticity of the domain. “By retiring the keys registered with Twitter, we can stop hacking attempts aimed at the authenticity of the domain. Physical security keys are encrypted and registered with the Twitter domain, so they must be re-registered with X,” he said.
If you use a hardware key to protect your account, go to Settings > Security & Account Access > Two-Factor Authentication > Manage Security Keys.
It’s unclear if X plans to retire the twitter.com domain for all activity, or if this is just a security measure. We have asked the company for clarification and will update the story if we hear back.
tech crunch event
san francisco
|
October 27-29, 2025
