"Active users with keys attached to their accounts have been getting notifications about the impending change for a while, and the X Safety team explained the process in a clarification post: "This change is not related to any security concern, and only impacts Yubikeys and passkeys - not other 2FA methods (such as authenticator apps). Security keys enrolled as a 2FA method are currently tied to the twitter[.]com domain. Re-enrolling your security key will associate them with x[.]com, allowing us to retire the Twitter domain.""
"Authentication methods like hardware keys and passkeys have to be updated for the same reason they help protect against phishing attacks that try to dupe you with fake Unicode characters or long addresses pointing to another website. They're tied to the domain they were originally set up with, and won't recognize another one, like a link using a "|" character to look like a lower-case L, or X.com instead of Twitter.com."
X is retiring the twitter.com domain and requires users who use security keys or passkeys for two-factor authentication to re-enroll them under x.com. If hardware keys or passkeys are not updated by November 10, associated accounts will be locked until re-enrollment completes. Accounts that remain inactive or abandoned and not updated could possibly be sold. The change affects YubiKeys and passkeys only and does not affect other 2FA methods such as authenticator apps. Security keys and passkeys are cryptographically bound to the domain where they were registered and will not authenticate for a different domain such as x.com.
Read at The Verge
Unable to calculate read time
Collection
[
|
...
]