They're going to have to carry on paying for all the Twitter domains for as long as they exist. They'll never be able to release them back out for someone else to register.
X says passkey reset isn't about a security issue – it's to finally kill off twitter.com
X (formerly Twitter) sparked security concerns over the weekend when it announced users must re-enroll their security keys by November 10 or face account lockouts — without initially explaining why. The cryptic mandate from X Safety on Friday led many to suspect a security breach was behind it. When a platform forcibly rotate …
COMMENTS
Monday 27th October 2025 14:38 GMT ABugNamedJune
Re: Hmmm?
Thank god for Archive.org. There was such a push for multi-platform integration between 2012 and ~2018 that all of the sites from that era are just totally broken from stuff like Twitter dropping the Twitter domain, and I can only imagine the effort it takes to archive some notable examples of those sites. Oh to be a fly on the wall watching historians try to detangle it all in a hundred years or so.
(past 2018 it's not that there was less of a push for multi-platform integration, it's just that Facebook, Twitter, Amazon etc. decided that there should be no other platforms than theirs :/ )
Monday 27th October 2025 14:32 GMT Joe Dietz
I'm all for getting rid of passwords, but passkeys != security
Passkeys have security value because they stop password reuse across domains and eliminate the need to write them down if I didn't and force the attacker to shift tactics. But stopping credential theft outright, not as much.
For years now attacks have shifted focus to post-authentication credentials. It doesn't matter at all how you authenticate an account if you leave the resulting shared secret lying about on your local device waiting for somebody to drop by and read it/use it. OAuth tokens are particularly bad here because they are frequently not validated against other factors like the sending host (or even if they are, clever reverse proxies are not that unheard of), or even password resets (looking at YOU Gmail password resets!), have a long lifespan (again Google) and are frequently renewable (Google).
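The three weaknesses named in the comment above (no binding to the sender, survival across password resets, long lifetime), written as server-side checks. This is an added example, not part of the original comment or of any vendor's implementation; the names, the 15-minute lifetime, and the HMAC-based proof standing in for an asymmetric proof-of-possession scheme such as DPoP (RFC 9449) are assumptions.

```python
import base64, hashlib, hmac, json

SERVER_KEY = b"constructed-demo-key"   # constructed value for this example
MAX_AGE = 900                          # assumed policy: tokens live 15 minutes
CRED_EPOCH = {"alice": 1}              # per-account counter, bumped on any reset

def _mac(key: bytes, msg: str) -> str:
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

def issue(user, now):
    """Return (token, pop_key); pop_key is kept by the client apart from the token."""
    claims = {"sub": user, "iat": now, "epoch": CRED_EPOCH[user]}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    token = body + "." + _mac(SERVER_KEY, body)
    return token, _mac(SERVER_KEY, "pop|" + token)

def sign_request(pop_key, token, request_line):
    """Client side: per-request proof that the sender holds pop_key."""
    # No nonce here, so a proof replays for the identical request; DPoP adds jti/iat.
    return _mac(pop_key.encode(), token + "|" + request_line)

def reset_credentials(user):
    """Password or passkey reset: every token issued before it stops validating."""
    CRED_EPOCH[user] += 1

def validate(token, request_line, proof, now):
    """Return 'ok' or the reason the request is refused."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig.encode(), _mac(SERVER_KEY, body).encode()):
        return "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now - claims["iat"] > MAX_AGE:
        return "expired"
    if claims["epoch"] != CRED_EPOCH.get(claims["sub"]):
        return "revoked by credential reset"
    expected = sign_request(_mac(SERVER_KEY, "pop|" + token), token, request_line)
    if not hmac.compare_digest((proof or "").encode(), expected.encode()):
        return "token presented without its bound key"
    return "ok"
```

A token copied off the device without its key fails the last check, and one issued before a reset fails the epoch check even if it has not yet expired.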
Monday 27th October 2025 14:59 GMT James O'Shea
it's fine until it stops working
"Microsoft has long told customers they won't have the option to forgo the passwordless push,"
One of my cousins has a Mac, and MS Office. Over the weekend, he got a message from his personal OneDrive that he needed to sign in. Except that there was a problem: the password did NOT unlock OneDrive. He got an error message (8004de44, he called me to fix the damn thing) and a request for a 'security key' (the Mac doesn't have a fingerprint reader) and could not activate. Changing the password made no difference. He could access OneDrive in his web browser, just as he could access his MS account, and MS Office; he had a OneDrive Business account, which works. MS 'support' were less than helpful. The personal OneDrive works on a Windows machine and on an iPad as well as in Firefox, Brave, and Vivaldi. Apple support said that this is an MS problem, not theirs, especially as it works on the iPad.
In Ye Olden Daze of just passwords there would have been no problem. Probably.
Monday 27th October 2025 16:33 GMT gormful
"Passwords can be, and all too often are, stolen through various means."
I'd rather use passwords than a security token. Misplacing my all-eggs-in-one-basket token would keep me from accessing *anything* on the Internet. It's like losing your wallet, and having to replace *all* of your credit and ID cards, but worse. Having *one* of my randomly-generated passwords (say, for an e-commerce site) compromised seems to be lower impact overall.