We’re seeing reports across social media that users of Elon Musk’s X are getting stuck in endless loops and, in some cases, getting locked out of their X account, following a mandatory two-factor security change that seems to have gone wrong.
On October 24, X said in a post that it was asking users who rely on passkeys or hardware security keys (such as Yubikeys) as their method of two-factor authentication to re-enroll using the x.com domain. (Users who use an authenticator app are unaffected.)
X said this was part of an effort to retire the older twitter.com domain, which currently redirects to x.com. That change took effect in May 2024. The problem is that passkeys and security keys are digitally tied to the old twitter.com domain and can’t be transferred to x.com. That means users have to manually un-enroll and re-enroll using the new x.com domain.
As part of the switchover, X warned that after November 10, customers would have their accounts locked until they re-enroll or choose another method of two-factor authentication.
Now that the deadline has passed, plenty of users are reporting that they’ve been locked out of their accounts and can’t re-enroll their passkey or security key, citing error messages or getting caught in an endless loop.
This is the latest issue to beset X, now owned by Elon Musk after he bought Twitter, as it was known then, for $44 billion. Since taking charge of the social networking site, the company has experienced massive layoffs and countless controversies.
X did not respond to a request for comment, but Musk, who now owns X, has been posting as usual, presumably unaffected by the change.
