Overview
- Users who rely on hardware security keys or passkeys must re-enroll them to x.com by November 10 or their accounts will be temporarily locked until they update or switch 2FA.
- X says affected users will see prompts to re-enroll, and the process is available in Settings → Security and account access → Security → Two-factor authentication; adding a new key disables older ones unless they are also re-enrolled.
- Authenticator apps such as Google or Microsoft Authenticator and SMS codes are not affected, though X advises keeping some form of two-factor authentication enabled.
- Company posts and an X security engineer attribute the change to domain trust, noting keys were cryptographically registered to twitter.com and must be associated with x.com.
- Retiring twitter.com raises wider concerns about broken links, embeds, and legacy integrations that still reference the old domain.