If you use X, you might need to act before November 10
The company formerly known as Twitter says you might need to check your security settings before it’s too late.
Over the past few months, X has been taking user security more seriously. It has pushed for stronger two-factor authentication, added passkey support for Android, and encouraged people to move away from old password habits.
But now, one of those very tools, passkeys, could end up locking users out if they don’t make a small update before November 10.
Ogbonda Chivumnovu
Over the weekend, X announced that users who rely on hardware-based two-factor authentication (2FA), like YubiKeys or other physical passkeys, need to re-enrol their security keys before the deadline. The company says it’s part of a technical shift as it prepares to fully retire its old twitter.com domain. Security keys enrolled under the Twitter domain won’t work with x.com, so they have to be re-linked to the new domain before that happens. In short, if your key is still registered to “twitter.com,” it won’t recognise “x.com,” and you won’t be able to sign in until you fix it.
X clarified that this change doesn’t affect users who use authenticator apps like Google Authenticator, Microsoft Authenticator, or Authy. Those methods are tied directly to your account, not a web domain. But for users who prefer hardware-based security, this extra step is necessary.
It’s a small but important reminder of how deeply technical domain changes can ripple across platforms. And if there’s ever been a clear sign that Elon Musk is serious about making X its own brand identity separate from Twitter, this is definitely one. It’ll be interesting to see how the move away from twitter.com affects more than just passkeys in the long run.
If you’re affected, the fix is straightforward. Head to Settings → Security and account access → Two-factor authentication → Manage security keys, and re-enrol your key. You can reuse your current one or add a new device. Just don’t wait too long. After November 10, any un-updated key will lock you out until you re-enrol, switch to another 2FA method, or ditch 2FA altogether (though that’s not recommended).
It’s a bit of a hassle, yes, but in the grand scheme of cybersecurity, it’s a necessary one. Passkeys are still the future, just remember to keep them pointed at the right domain.
Louis Eriakha
