Twitter has warned users that if they do not re-register their security keys for two-factor authentication by November 10th, their accounts will be locked due to the discontinuation of their Twitter domain.
On October 25, 2025, Japan time, the safety team at X (formerly Twitter) called on users to re-register the security keys they use for two-factor authentication when logging into their accounts. This move is due to the discontinuation of the domain 'twitter.com,' which was used when X was still Twitter.
After November 10, if you haven't re-enrolled a security key, your account will be locked until you: re-enroll; choose a different 2FA method; or elect not to use 2FA (but we recommend always you use 2FA to protect your account!).
— Safety (@Safety) October 24, 2025
Using a Security Key on X? Re-Enroll Now or Your Account Will Be Locked | PCMag
https://www.pcmag.com/news/using-a-security-key-on-x-re-enroll-now-or-your-account-will-be-locked
X is getting closer to removing the last reminders of Twitter | The Verge
https://www.theverge.com/news/807011/twitter-com-x-com-login-security-key-passkey-domain
PSA: Reregister your hardware 2FA key for X before November 10 to avoid getting locked out | TechCrunch
https://techcrunch.com/2025/10/27/psa-reregister-your-hardware-2fa-key-for-x-before-november-10-to-avoid-getting-locked-out/
'We're asking all accounts that use security keys as a two-factor authentication (2FA) method to re-register their security keys by November 10th to continue accessing X. You can re-register your existing security key or register a new one,' X's safety team wrote in a post.
If users who use security keys for two-factor authentication don't re-register by November 10, their accounts will be locked until they re-register a security key, choose a different two-factor authentication option, or choose not to use two-factor authentication. The safety team also stated, 'However, we recommend always using two-factor authentication to protect your account!' and recommends not using two-factor authentication.
The change is being made to decommission Twitter domains that are still in use by some users. The security team quoted the post, explaining, 'This change is unrelated to security concerns and only affects YubiKeys and passkeys. It does not affect other two-factor authentication methods such as authenticator apps. Security keys registered for two-factor authentication are currently tied to the twitter.com domain. Re-registering your security key will associate it with the x.com domain, allowing us to decommission the Twitter domain.'
To clarify: this change is not related to any security concern, and only impacts Yubikeys and passkeys - not other 2FA methods (such as authenticator apps). Security keys enrolled as a 2FA method are currently tied to the twitter[.]com domain. Re-enrolling your security key will… https://t.co/PlXOTnNXPM
— Safety (@Safety) October 26, 2025
Since Elon Musk acquired Twitter in 2022, various reforms have been made. In 2023, the long-familiar name 'Twitter' was changed to 'X', and the domain was changed from twitter.com to x.com.
Twitter removes 'Twitter' from its headquarters sign, abandons the blue bird and changes its name to 'X' - GIGAZINE
Twitter.com has been redirected to x.com, and users can still use twitter.com with security keys, etc. However, after November 10, 2025, users will no longer be able to log in to twitter.com with security keys.
X security engineer Christopher Stanley said the change was intended to ensure domain trust: 'We're unlocking Twitter's registered keys and eliminating hacky methods for domain trust. Physical security keys are cryptographically registered to Twitter's domain, and will need to be re-registered under X.'
Getting off of Twitter enrolled keys so we can stop doing hacky things for domain trust.
— Christopher Stanley (@cstanley) October 25, 2025
Physical security keys are cryptographically registered to Twitter's domain and need to be re-enrolled under X.
Related Posts:
in Hardware, Web Service, Posted by log1h_ik