In a critical update for users of the social media platform X (formerly known as Twitter), all individuals who use hardware security keys for two-factor authentication (2FA) must re-enroll their keys by November 10, 2025. Failure to meet this deadline will result in losing access to their accounts, underscoring the importance of adapting to X’s recent domain migration.
Why This Change Is Happening
X has transitioned from the twitter.com domain to x.com for user authentication purposes. This shift means that security keys tied to the old twitter.com domain will no longer work for login verification. To maintain account security and access continuity, users must register their hardware security keys, such as YubiKeys or passkeys, under the new x.com domain.
Who Is Affected?
The change specifically targets users leveraging hardware-based security keys and passkeys for 2FA. These physical authentication devices are linked to the domain they were initially registered with, so the domain swap requires users to re-authenticate. Users relying on authenticator apps like Google Authenticator, Microsoft Authenticator, or Authy are not impacted because these apps are tied directly to the user account rather than the domain.
Steps Users Need to Take
To avoid being locked out, users must:
- Re-enroll their existing security key or passkey on the x.com domain before the November 10 deadline.
- Optionally, enroll new security keys if preferred.
- Understand that failing to act will block account access until re-enrollment or switching to a different 2FA method occurs.
Potential Consequences of Missing the Deadline
Users who do not re-enroll their hardware keys by the deadline will face account lockout. Recovering access would then require following potentially cumbersome procedures, such as resetting 2FA methods or temporarily disabling 2FA, which could jeopardize account security. This disruption poses a significant risk for those depending on X for professional or communication purposes.
Final Thoughts
This update is not triggered by any security breach but is a necessary technical adjustment stemming from X’s domain migration. The company has emphasized the importance of maintaining robust authentication practices and cautions against disabling two-factor authentication entirely. Users should heed this deadline firmly as no extensions are anticipated.
In summary, if you use hardware security keys or passkeys with X, ensure you re-enroll them on the new x.com domain before November 10, 2025, to avoid losing access to your account.
