X, formerly known as Twitter, is preparing to officially retire the Twitter.com domain.
The platform’s @Safety account has issued a warning to users who rely on physical security keys or passkeys for two-factor authentication (2FA), urging them to re-enroll their keys before November 10 to avoid being locked out of their accounts.
According to X, this change is part of the ongoing migration from twitter.com to x.com and is not related to any security breach. However, because security keys and passkeys are domain-specific, users must re-register them to function under the new x.com domain. Failing to do so will result in locked accounts, and inactive or abandoned accounts could potentially be sold afterward.
To clarify: this change is not related to any security concern, and only impacts Yubikeys and passkeys – not other 2FA methods (such as authenticator apps). Security keys enrolled as a 2FA method are currently tied to the twitter[.]com domain. Re-enrolling your security key will… https://t.co/PlXOTnNXPM
— Safety (@Safety) October 26, 2025
The X Safety Team explained, “Security keys enrolled as a 2FA method are currently tied to the twitter[.]com domain. Re-enrolling your security key will associate them with x[.]com, allowing us to retire the Twitter domain.” Other two-factor authentication methods, such as authenticator apps, are not affected by this update.
The change highlights how domain-based security protocols work: hardware keys and passkeys are bound to the specific web address they were originally registered with, so a key enrolled on one domain will not respond to a login request from a different one. This safeguard is designed to prevent phishing attacks that rely on deceptive URLs or lookalike characters.
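The domain binding described above, sketched as an added example (not code from X or from the original article). It is a simplified model: the class and function names are hypothetical, the browser's relying-party ID check and the key's credential lookup are folded into one class, and signature verification is left out.

```python
import hashlib
import secrets

def rp_id_allowed(rp_id, origin_host):
    # Simplified client rule: the relying-party ID must be the page's host or a
    # parent domain of it (real browsers also refuse public suffixes like "com").
    return origin_host == rp_id or origin_host.endswith("." + rp_id)

def rp_id_hash(rp_id):
    return hashlib.sha256(rp_id.encode()).digest()

class ToySecurityKey:
    """Hypothetical model of a security key: credentials are stored per RP ID."""
    def __init__(self):
        self._creds = {}  # rp_id -> credential id

    def register(self, rp_id, origin_host):
        if not rp_id_allowed(rp_id, origin_host):
            raise PermissionError(f"{origin_host} may not use RP ID {rp_id}")
        self._creds[rp_id] = secrets.token_bytes(16)
        return self._creds[rp_id]

    def get_assertion(self, rp_id, origin_host):
        if not rp_id_allowed(rp_id, origin_host):
            raise PermissionError(f"{origin_host} may not use RP ID {rp_id}")
        if rp_id not in self._creds:
            raise LookupError(f"no credential enrolled for {rp_id}")
        # Authenticator data: SHA-256(rp_id), flags byte (user present), counter.
        return rp_id_hash(rp_id) + b"\x01" + (1).to_bytes(4, "big")

def server_accepts(auth_data, expected_rp_id):
    # Relying-party check on the first 32 bytes of the authenticator data.
    return auth_data[:32] == rp_id_hash(expected_rp_id)

def try_login(key, rp_id, origin_host, expected_rp_id):
    try:
        data = key.get_assertion(rp_id, origin_host)
    except (PermissionError, LookupError) as exc:
        return type(exc).__name__
    return "ok" if server_accepts(data, expected_rp_id) else "rpIdHash mismatch"

if __name__ == "__main__":
    key = ToySecurityKey()
    key.register("twitter.com", "twitter.com")        # constructed enrolment
    print(try_login(key, "x.com", "x.com", "x.com"))  # key has nothing for x.com
    key.register("x.com", "x.com")                    # re-enrolment on the new domain
    print(try_login(key, "x.com", "x.com", "x.com"))
```
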
While X has already phased out much of the Twitter branding—including its iconic blue bird logo—the company still hosts a few remnants of the old site, such as the embed page for posts. With this update, the final phase of Twitter’s digital transformation into X appears nearly complete.





