X (formerly Twitter) is alerting users of passkeys and hardware-based security keys that they have until November 10th to re-enroll them for two-factor authentication, or they will lose access to their accounts. The requirement, according to reporting from Bleeping Computer, isn’t prompted by a security incident but rather by the migration of the domain from twitter.com to x.com.
The shift will cause any hardware based security keys, like Yubikey, or passkeys that are tied to twitter.com to stop working once the domains are switched over. This means that after November 10th, users will need to have re-enrolled their passkey or security key or their accounts will be locked until they do. There are a few options to get an account reinstated including re-enrolling a security key, choosing a different 2FA method, or even electing not to use two-factor authentication – though, for what it’s worth, neither X’s thread nor Tom’s Guide recommends going without this crucial security step to protect your account.
Using a passkey or security key provides extra protection against hacking and phishing attempts by verifying a user’s identity with a cryptographic key stored on a standalone device or on their computer or smartphone. This is much more secure than traditional credentials which can be more easily stolen in phishing attacks or by info-stealing malware.
How to update your security keys
Switching your passkey or security key over isn’t difficult though. You just need to head to this page: x.com/settings/account/login_verification/security_keys
And then from there, disable your existing passkey or security key, and re-enroll it.
You will need to enter your password to confirm your identity but afterwards, your passkey or security key will then be associated with the switched x.com domain. That way, your access to X won't be interrupted once the final switch from twitter.com is completed.
Given that Elon Musk waited just nine months before changing the social media platform's name from Twitter to X, it was clear that this domain change would come sooner rather than later. However, now it's almost here and if you use a passkey or security key to log into your account, now is the time to make the necessary preparations to avoid losing access.
More from Tom's Guide
- Don't wait for Black Friday — our favorite antivirus software is up to 80% off right now
- Over 180 million email accounts have been leaked — check to see if yours is on the list
- 7 things you should never share on the internet — and not the obvious ones like your address and SSN
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
