Social media platform X (formerly Twitter) has issued a warning to users who use security keys such as YubiKey or other hardware-based passkeys for two-factor authentication (2FA). The company is asking these users to re-enroll their keys before November 10, 2025, or risk being locked out of their accounts.
According to X’s official Safety account, this step is necessary as part of the company’s ongoing transition from twitter.com to x.com. When Elon Musk rebranded Twitter to X in July 2023, several backend services remained linked to the old domain. Security keys enrolled for 2FA were still tied to twitter.com. It means they would stop working once the domain is fully retired.
To fix this, X wants users to re-enroll their hardware keys so they are linked to x.com instead.
“Security keys enrolled as a 2FA method are currently tied to the twitter[.]com domain. Re-enrolling your security key will associate them with x[.]com, allowing us to retire the Twitter domain.”
If users fail to re-enroll their keys by the deadline, they will lose access to their accounts. X clarified that after November 10, affected users’ accounts will remain locked until they:
- Re-enroll a security key, or
- Choose a different 2FA method, or
- Turn off 2FA completely.
However, X strongly recommends that users keep two-factor authentication enabled for better account protection.
This update only affects users who use physical security keys or passkeys as their 2FA method. Those who use authenticator apps like Google Authenticator or SMS-based verification are not impacted.
X also reminded users that SMS-based 2FA is only available to non-Premium users since March 2023. Paid subscribers must rely on authenticator apps or hardware keys for 2FA.
For users who need to re-enroll, X has shared the following steps:
- Go to Settings and privacy → Security and account access → Security → Two-factor authentication.
- Choose Security key → Manage security keys → Delete existing keys.
- Select the Security key option again.
- Enter your X account password.
- Enter the confirmation code sent to your email.
- Click Start, then insert your security key into the USB port or connect via Bluetooth/NFC.
- Touch the button on the key when prompted.
- Follow the on-screen steps to finish setup.
Once done, your key will be linked to x.com, ensuring continued secure access to your account.
Elon Musk’s decision to rebrand Twitter as X was part of his broader vision to transform the platform into an “everything app,” combining social media, payments, and commerce. Over the past two years, X has gradually removed Twitter branding from its apps, URLs, and internal systems.
Retiring the twitter.com domain is one of the final steps in this process. Since many authentication systems still rely on domain-level verification, this update ensures that users’ security setups remain functional once the old domain is phased out.
While this update might feel inconvenient for users relying on hardware security keys, it is an important step for maintaining account security during X’s full migration from Twitter’s infrastructure.
If you use a YubiKey or similar device, it is highly recommended to re-enroll before November 10 to avoid getting locked out.
