PANews reported on October 27th, according to 9to5Mac, that X stated that its security keys and Passkeys are currently bound to "twitter.com." To "retire" the domain, it requires accounts using hardware security keys or Passkeys to re-register to "x.com" within two weeks. Otherwise, the keys will become invalid and the accounts will be locked. X emphasized that this move is not related to the security incident and does not affect other 2FA methods such as the Authenticator app. Officially, those who have not re-bound their accounts after November 10th will need to re-register, switch to another 2FA method, or disable 2FA to unlock their accounts.