The site formerly known as Twitter has been “X” for over two years now. Nevertheless, many of us still call the site by its old, iconic name. In fact, anytime I feel the need to visit, I go to twitter.com, not x.com—even though the site always redirects to the latter. Is it muscle memory? A small protest? Probably a little of both. But my days of typing “t” in Safari’s address bar and clicking the autofilled twitter.com URL are likely coming to a close, as X seems poised to finally retire its Twitter domain for good.
That news started with a post from X’s “Safety” account on Friday. The post stated that, by Nov. 10, all accounts using a security key for two-factor authentication (2FA) should re-enroll their key to continue using X. The account says you can re-enroll an existing key, or enroll a new one, and that if you choose the latter, other security keys on your account will stop working unless you re-enroll them as well. If you don’t take action, your account will be locked after the 10th.
This change set off speculation that someone had compromised X’s authorization infrastructure, which forced X’s Safety account to make another post clarifying its reasoning for the security change. Not only was there no security concern, the issue only affected Yubikeys and passkeys, not authenticator apps or other 2FA protocols. But the lede was buried within this post: The keys are currently tied to the twitter.com domain: X plans to retire that domain, requiring users to re-enroll with the x.com domain.
This Tweet is currently unavailable. It might be loading or has been removed.
If X really does go ahead and retire the domain, it truly will be the end of an era. Nothing will change with the platform itself: X will still be a site for posting your thoughts and dodging the worst of humanity. But once twitter.com stops working, it really will become X through and through. Maybe that will be enough to finally get me to quit it.
Of course, the immediate issue here is for users with security keys tied to Twitter, not X. Those users won’t be able to access their accounts after Nov. 10—unless they take some simple steps to comply with the changes.
Don’t get locked out of X
If you’d like to make sure you can continue using X once the twitter.com domain is retired, you’ll need to make sure your 2FA setup is compliant.
X’s Safety account says if you have a Yubikey or passkey that is affected, you will be prompted to automatically re-enroll with the x.com domain. However, you can also take it upon yourself to re-enroll, by heading to your X account’s 2FA settings and following the on-screen instructions. If you don’t want to re-enroll a key, you can instead choose a different 2FA method, or ditch 2FA entirely—though I strongly encourage you not to choose the last option, for the sake of your account’s security.
