ZDNET’s key takeaways
- Any account on X that uses a security key will need to re-enroll it.
- You can do this through security settings on the X website or app.
- The move is necessary due to the retirement of the twitter.com domain.
Do you use a physical security key to protect your online accounts? If so, kudos to you, as that’s one of the best methods of protecting yourself with two-factor authentication. But if you use the key with your account on X, formerly Twitter, I’m afraid you’ll have to re-enroll it.
In an X post from Friday, the network’s Safety account said that anyone using a security key as their two-factor authentication (2FA) method must re-enroll that key by November 10. If you miss that deadline, your existing security keys will stop working, and you’ll be locked out of your account.
At that point, you can still re-enroll, select a different 2FA method, or opt not to use 2FA. However, to stay secure, you’ll want to either re-enroll or choose a different — but still effective — method.
To re-enroll, fire up the X website or mobile app. Select the More button, click the option for Settings and privacy, go to Security and account access, select the option for Security, and then click “Two-factor authentication.” Select the option for Security key. Make sure the security key is plugged into your computer or mobile device, and then follow the steps to enroll the key.
If you no longer want to use the security key, you can choose the “Authenticator app” option instead. For this, you can use an app like Microsoft Authenticator or Google Authenticator to generate codes to use each time you need to sign in to X on a different device. Just don’t pick the option for SMS text messages, as that’s the least secure type of 2FA and one vulnerable to hacking.
Why the need to re-enroll? Is X owner Elon Musk just messing with people in his usual style? Maybe, but that’s not the real reason. The network is finally retiring its old twitter.com domain, which means you’ll be able to access it only through x.com. With the old domain facing retirement, any security keys enrolled under the twitter.com domain will need to be reestablished under the newer x.com.
“To clarify: This change is not related to any security concern, and only impacts Yubikeys and passkeys – not other 2FA methods (such as authenticator apps),” the X Safety account also posted. “Security keys enrolled as a 2FA method are currently tied to the twitter[.]com domain. Re-enrolling your security key will associate them with x[.]com, allowing us to retire the Twitter domain.”
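An added example (not from ZDNET or X) of why a key enrolled under twitter.com cannot simply be reused on x.com: WebAuthn authenticator data begins with the SHA-256 hash of the relying party ID, and the server rejects a response whose hash does not match the domain it expects. The function names, the constructed sample data and the simplified suffix rule (no public-suffix-list check, no signature verification) are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

UP = 0x01  # "user present" bit in the authenticator data flags byte

def make_authenticator_data(rp_id: str, sign_count: int) -> bytes:
    """Constructed sample: the 37-byte header an authenticator emits for rp_id."""
    rp_id_hash = hashlib.sha256(rp_id.encode("utf-8")).digest()
    return rp_id_hash + bytes([UP]) + struct.pack(">I", sign_count)

def parse_authenticator_data(data: bytes):
    """Split authenticator data into rpIdHash (32), flags (1), signCount (4)."""
    if len(data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    (sign_count,) = struct.unpack(">I", data[33:37])
    return data[:32], data[32], sign_count

def rp_id_allowed_for_origin(origin_host: str, rp_id: str) -> bool:
    """Simplified browser rule: the RP ID must equal the origin's host or be
    a parent domain of it. A real browser also consults the public suffix list."""
    origin_host = origin_host.lower().rstrip(".")
    rp_id = rp_id.lower().rstrip(".")
    return origin_host == rp_id or origin_host.endswith("." + rp_id)

def server_accepts(auth_data: bytes, expected_rp_id: str) -> bool:
    """Relying-party check: rpIdHash must match our own RP ID and UP must be set.
    Signature verification over the response is omitted in this sketch."""
    rp_id_hash, flags, _ = parse_authenticator_data(auth_data)
    expected = hashlib.sha256(expected_rp_id.encode("utf-8")).digest()
    return bool(flags & UP) and hmac.compare_digest(rp_id_hash, expected)

if __name__ == "__main__":
    old_key = make_authenticator_data("twitter.com", sign_count=7)  # constructed
    new_key = make_authenticator_data("x.com", sign_count=1)        # constructed
    print("x.com page may ask for RP ID twitter.com:",
          rp_id_allowed_for_origin("x.com", "twitter.com"))
    print("old key accepted for x.com:", server_accepts(old_key, "x.com"))
    print("re-enrolled key accepted for x.com:", server_accepts(new_key, "x.com"))
```

Because the credential is scoped to the RP ID at enrollment, the only way to move it to a new domain is to create a new credential there, which is what re-enrolling does.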
This post from the X Safety team does mention passkeys in addition to security keys. However, there’s no indication that people with passkeys will need to reset or recreate them. I contacted X to ask what will happen with users who have passkeys and will update the story when and if I hear back.
