Follow ZDNET: Add us as a favorite source On Google.
ZDNET Highlights
- Any account on X that uses the security key will need to re-enroll it.
- You can do this through the security settings on the X website or app.
- This move is necessary due to the retirement of the Twitter.com domain.
Do you use physical security keys to protect your online accounts? If so, then congratulations to you, because it is one of the best ways to protect yourself with two-factor authentication. But if you use the key with your account on X, formerly Twitter, I’m afraid you’ll have to enroll it again.
Also: Why is multi-factor authentication necessary?
in one X post from FridayThe network’s security account states that anyone using a security key as their two-factor authentication (2FA) method will have until November 10 to re-enroll that key. If you miss that deadline, your existing security key will stop working, and you will be locked out of your account.
At that time, you can still re-enroll, select a different 2FA method, or choose not to use 2FA. However, to be safe, you may want to either re-enroll or choose a different – but still effective – method.
To re-enrol, go to the X website or mobile app. Select the More button, click the Settings and privacy option, go to Security and account access, select the Security option, and then click “Two-factor authentication.” Select the Security Key option. Make sure the security key is plugged into your computer or mobile device, and then follow the steps to enroll the key.
Also: Best Security Keys: Expert Tested
If you no longer want to use the security key, you can select the “Authenticator App” option instead. For this, you can use an app like Microsoft Authenticator or Google Authenticator to generate a code to use every time you sign in to X on a different device. Just don’t opt for SMS text messages, as this is the least secure type of 2FA and vulnerable to hacking.
Why the need for re-enrolment? Is X boss Elon Musk messing with people in his usual style? Maybe, but that’s not the real reason. The network is finally removing its old twitter.com domain, meaning you’ll only be able to access it through x.com. With the old domain nearing retirement, any security keys enrolled under the twitter.com domain will need to be reset under the new x.com.
“To clarify: this change is not related to any security concern, and only affects Yubikeys and passkeys – not other 2FA methods (like Authenticator apps),” also posted“Security keys enrolled as a 2FA method are currently associated with the twitter(.)com domain. Re-enrolling your security keys will cause them to be associated with x(.)com, allowing us to retire the Twitter domain.”
Also: How Passkey Works: The Complete Guide to Your Inevitable Passwordless Future
This post from the X Safety Team also mentions passkeys in addition to security keys. However, there is no indication that people with passkeys will need to reset or recreate them. I contacted X to ask what would happen to users who have the passkeys and will update the story when I hear back.
Get our top stories delivered to your inbox every morning Tech Today Newsletter,
