**Summary: X (formerly Twitter) Users Locked Out After Two-Factor Authentication Switch**
In recent days, a significant number of users on X—the social media platform formerly known as Twitter—have reported being locked out of their accounts or trapped in endless login loops after a mandatory change to their two-factor authentication (2FA) process. This disruption appears to stem from updates related to the platform’s ongoing transition from the legacy twitter.com domain to its new x.com domain, a move initiated under the leadership of Elon Musk.
**Background: The Domain Shift and Security Changes**
The trouble began after X announced that it would be retiring the twitter.com domain and moving entirely to x.com—a change that officially took effect in May 2024. While the old domain currently redirects users to x.com, this technical shift has had unforeseen consequences for account security, particularly for those who use advanced 2FA methods such as passkeys or hardware security keys (like Yubikeys).
Two-factor authentication is a critical component of digital security, requiring users to provide two forms of identification to access their accounts. On X, users can choose from several 2FA methods: an authenticator app, passkeys, or hardware security keys. Importantly, those relying on authenticator apps have not been affected by the recent changes. However, users who depend on passkeys or hardware security keys have encountered significant issues.
**Why the Change Was Necessary**
The core of the issue lies in the way passkeys and hardware security keys work. These security devices are digitally linked to the domain where they were first registered—in this case, twitter.com. When X transitioned to the x.com domain, these security credentials could not be automatically transferred. As a result, X required users to manually un-enroll their existing keys and re-enroll them on x.com.
The platform announced this requirement on October 24, urging users to complete the switch before November 10. X also warned that users who failed to re-enroll by the deadline would be locked out of their accounts until they updated their 2FA method or selected an alternative, such as an authenticator app.
**Users Locked Out and Frustrated**
Now that the November 10 deadline has passed, many users have found themselves unable to access their accounts. Social media has been flooded with reports of users encountering error messages or being caught in an endless loop when trying to re-enroll their security keys. In some cases, individuals are entirely locked out, unable to complete the required process or regain access to their accounts.
This situation has caused considerable frustration, especially among security-conscious users who specifically chose hardware keys or passkeys for their enhanced protection. The inability to easily transfer their credentials to the new domain, combined with the lack of clear guidance or support from X, has left many feeling helpless.
**Broader Context: X’s Troubled Transition Under Musk**
This latest technical mishap is just one in a series of challenges that have plagued X since Elon Musk’s $