X is planning to phase out the Twitter.com domain, as indicated by a warning from the official @Safety account. Users who utilize physical security keys or passkeys for two-factor authentication (2FA) must re-enroll these security methods by November 10th. Failure to do so will result in account locks until the update is completed. Furthermore, abandoned accounts may be considered for sale.
Notifications regarding this change have been sent to active users with keys linked to their accounts. The X Safety team clarified that this update is not prompted by a security concern and specifically affects Yubikeys and passkeys—other 2FA methods, such as authenticator apps, remain unaffected. The need for re-enrollment arises because the security keys currently linked to the twitter.com domain must be updated to associate with x.com, enabling the retirement of the Twitter domain.
Security keys and passkeys are essential for protecting against phishing attacks, which can employ deceptive characters to mislead users. They are specifically tied to their original domain and will not function with an alternative domain name.
The update marks one of the final steps in X’s shift away from the Twitter identity. The platform transitioned to the new domain more than a year ago and discontinued its former blue bird mascot approximately a year prior. Despite this change, remnants of the Twitter branding, such as the embedding page for X posts, still exist.
Source: https://www.theverge.com/news/807011/twitter-com-x-com-login-security-key-passkey-domain