PSA: Re-register your hardware 2FA key for X before Nov. 10 to avoid getting locked out

Social web X said implicit the play that it plans to discontinue its twitter.com URL for authentication. This means users who person enabled two-factor authentication utilizing a hardware cardinal similar YubiKey volition person to re-enroll their keys earlier November 10.

“By November 10, we’re asking each accounts that usage a information cardinal arsenic their two-factor authentication (2FA) method to re-enroll their cardinal to proceed accessing X. You tin re-enroll your existing information key, oregon enroll a caller one,” the societal network’s information relationship posted past Friday.

Two days later, the institution explained that this was indispensable due to the fact that the institution wanted to discontinue its aged twitter.com domain. The domain alteration is not expected to interaction different 2FA authenticators similar Google Authenticator, Microsoft Authenticator, oregon Authy.

“To clarify: this alteration is not related to immoderate information concern, and lone impacts Yubikeys and passkeys – not different 2FA methods (such arsenic authenticator apps). Security keys enrolled arsenic a 2FA method are presently tied to the twitter[.]com domain. Re-enrolling your information cardinal volition subordinate it with x[.]com, allowing america to discontinue the Twitter domain,” the relationship said.

Christopher Stanley, a information technologist astatine X, xAI and SpaceX, said this determination is to guarantee domain trust. “Getting disconnected of Twitter enrolled keys truthful we tin halt doing hacky things for domain trust. Physical information keys are cryptographically registered to Twitter’s domain and request to beryllium re-enrolled nether X,” helium said.

If you’re utilizing a hardware cardinal to unafraid your account, caput to “Settings” -> “Security and relationship access” -> “Two-factor authentication” -> “Manage information keys”.

It is not wide if X plans to discontinue the twitter.com domain for each activities, oregon if this is conscionable a information measure. We person asked the institution to clarify, and volition update the communicative if we perceive back.