X (previously Twitter) has introduced that customers who depend on safety keys for two-factor authentication (2FA) should re-enroll their keys by November 10, 2025, to maintain accessing their accounts. The corporate says the change is important because it completes the transfer from twitter.com to x.com, a course of that impacts how its safety system recognises customers’ credentials.
In a submit from the @Security account, X mentioned that anybody utilizing a {hardware} safety key or passkey must re-enroll it underneath the brand new area. “By November 10, we’re asking all accounts that use a safety key as their two-factor authentication (2FA) methodology to re-enroll their key to proceed accessing X,” the submit learn.
Customers can re-enroll the identical key or arrange a brand new one, however older keys will cease working in the event that they aren’t re-registered. Nonetheless, after tweets from customers questioning the transfer, X clarified that this replace just isn’t associated to any safety incident and solely impacts folks utilizing YubiKeys or passkeys, not these utilizing apps like Google Authenticator or SMS-based codes.
The corporate says the change comes right down to how safety keys really work. These gadgets use a protocol that linking every registered key to a selected internet area. Since X’s login pages are shifting from twitter.com to x.com, the credentials registered underneath the previous area received’t work on the brand new one. Safety keys are constructed to disregard login requests from domains they weren’t initially registered with, a characteristic meant to cease phishing assaults.
This implies customers should create new credentials for x.com. As soon as they do, their accounts will work as regular. In the event that they don’t re-enroll by November 10, their accounts will likely be locked till they both re-register the important thing, swap to a different 2FA methodology, or flip off 2FA fully (although X advises towards disabling it).
