X’s Domain Switch to x.com Triggers Mass Account Lockouts Amid 2FA Re-enrollment Issues

X’s Security Key Transition Causes Widespread User Lockouts

Numerous users of X, the social media platform formerly known as Twitter, have reported being locked out of their accounts following a mandatory change in the platform’s two-factor authentication (2FA) system. The issue stems from X’s transition from the twitter.com domain to x.com, which requires users who rely on passkeys or hardware security keys, such as YubiKeys, to re-enroll their devices under the new domain.

Background of the Domain Transition

On October 24, 2025, X announced its plan to retire the twitter.com domain, which had been redirecting to x.com since May 2024. This move was part of a broader rebranding strategy initiated by Elon Musk after acquiring Twitter for $44 billion. The rebranding aimed to consolidate the platform’s identity under the new X moniker.

As part of this transition, X required users who relied on passkeys or hardware security keys for 2FA to re-enroll their devices using the x.com domain. This requirement arose because these security keys are cryptographically linked to specific domains and cannot be automatically transferred from twitter.com to x.com. Users who employed authenticator apps for 2FA were unaffected by this change.

Implementation and User Notifications

X communicated this change through a post on October 24, 2025, informing users of the need to re-enroll their security keys by November 10, 2025. The company warned that failure to do so would result in account lockouts until users re-enrolled their security keys or selected an alternative 2FA method.

The re-enrollment process required users to manually un-enroll their existing security keys from the twitter.com domain and then re-enroll them under x.com. This manual process was necessary due to the domain-specific nature of the security keys’ cryptographic ties.
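The domain binding described above shows up in the checks a WebAuthn relying party runs on every login. The following sketch is an added example, not X's code: it assumes the relying party IDs are the bare domains twitter.com and x.com, uses constructed sample data, and omits signature verification and the public suffix list lookup.

```python
import hashlib
import json
import struct

def make_authenticator_data(rp_id, flags=0x05, sign_count=1):
    """Authenticator data header: SHA-256(rpId) || flags || signCount (37 bytes)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)

def rp_id_allowed_for_origin(rp_id, origin):
    """Browser-side rule, simplified: the RP ID must equal the origin's host
    or be a parent domain of it (real browsers also apply the public suffix list)."""
    host = origin.split("://", 1)[1].split("/")[0].split(":")[0]
    return host == rp_id or host.endswith("." + rp_id)

def verify_assertion(auth_data, client_data_json, expected_rp_id, expected_origin):
    """Server-side domain checks on a login assertion (signature check omitted)."""
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return "wrong type"
    if client.get("origin") != expected_origin:
        return "origin mismatch"
    if auth_data[:32] != hashlib.sha256(expected_rp_id.encode()).digest():
        return "rpIdHash mismatch"
    if not auth_data[32] & 0x01:  # UP flag: user presence
        return "user not present"
    return "ok"

def demo():
    # Constructed sample data; RP IDs "twitter.com" and "x.com" are assumptions.
    client = json.dumps({"type": "webauthn.get", "origin": "https://x.com",
                         "challenge": "constructed-challenge"}).encode()
    old_key = make_authenticator_data("twitter.com")  # enrolled before the switch
    new_key = make_authenticator_data("x.com")        # re-enrolled under x.com
    return {
        "page_may_claim_old_rp_id": rp_id_allowed_for_origin("twitter.com", "https://x.com"),
        "page_may_claim_new_rp_id": rp_id_allowed_for_origin("x.com", "https://x.com"),
        "old_key_at_x_com": verify_assertion(old_key, client, "x.com", "https://x.com"),
        "new_key_at_x_com": verify_assertion(new_key, client, "x.com", "https://x.com"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The same key hardware works in both cases; only the credential created under the new relying party ID passes, which is why re-enrollment cannot be done on the user's behalf.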

User Experiences and Reported Issues

Following the November 10 deadline, a significant number of users reported difficulties in re-enrolling their security keys. Common issues included encountering error messages and becoming trapped in continuous loops during the re-enrollment process. As a result, many users found themselves locked out of their accounts, unable to regain access.

These problems have been widely discussed across social media platforms, with users expressing frustration over the lack of clear guidance and support from X. The situation has raised concerns about the platform’s ability to manage critical security transitions effectively.

Company Response and Broader Implications

As of now, X has not issued a formal response addressing the widespread user lockouts. Elon Musk, the owner of X, has continued his regular posting activities, seemingly unaffected by the ongoing issues.

This incident adds to a series of challenges faced by X since Musk’s acquisition, including significant staff reductions and various controversies. The current situation underscores the complexities involved in rebranding and domain transitions, particularly when they intersect with user security protocols.

Recommendations for Affected Users

For users experiencing account lockouts, it is advisable to attempt the re-enrollment process during off-peak hours to potentially avoid server overloads. Additionally, users should ensure that their security keys are compatible with the x.com domain and that they are following the re-enrollment instructions precisely.

If issues persist, users are encouraged to contact X’s customer support for assistance. However, given the reported lack of response from the company, users may also consider exploring alternative 2FA methods, such as authenticator apps, to regain access to their accounts.

Conclusion

The transition from twitter.com to x.com has highlighted the critical importance of meticulous planning and user communication in implementing security-related changes. As X continues to evolve under Musk’s leadership, it is imperative for the company to prioritize user security and provide clear, effective support during such transitions to maintain user trust and platform integrity.