Elon Musk’s X security key glitch locks out users
▼ Summary
– X users are experiencing account lockouts and endless loops due to a problematic mandatory two-factor authentication change.
– The issue affects users who use passkeys or hardware security keys, requiring them to re-enroll on the x.com domain.
– This change is part of X’s effort to retire the twitter.com domain, as passkeys are tied to the old domain and cannot be transferred.
– X had warned that accounts would be locked after November 10 if users did not re-enroll or switch two-factor methods.
– The problem adds to a series of issues X has faced since Elon Musk’s acquisition, including layoffs and controversies.
A significant number of users are currently experiencing account lockouts and frustrating login loops on the social media platform X, following a mandatory security update tied to its domain migration. The issue appears to stem from a recent requirement for users to switch their two-factor authentication methods from the old twitter.com domain to the new x.com address.
On October 24th, the company formerly known as Twitter announced it was instructing a specific group of users to re-enroll their security keys. This directive applied exclusively to individuals who utilize passkeys or hardware security keys, such as popular Yubikeys, for their two-factor authentication. The platform clarified that people who rely on standard authenticator applications were not impacted by this change.
The root of the problem lies in the company’s ongoing effort to fully retire the twitter.com web address, a transition that officially took place earlier this year. Because passkeys and physical security keys are cryptographically bound to the specific domain where they were created, they cannot be automatically transferred. This technical limitation forced users to manually remove their old security keys linked to twitter.com and then re-register them under the x.com domain.
As part of this security migration, X issued a clear warning to affected account holders. The company stated that after a November 10th deadline, any user who had not completed the re-enrollment process would find their account inaccessible. The only way to regain entry would be to either successfully complete the key re-enrollment or to select an entirely different two-factor method.
Now that the deadline has come and gone, widespread user reports confirm that the feared lockouts are indeed happening. Many individuals are finding themselves completely unable to access their accounts, with some encountering cryptic error messages and others trapped in an endless cycle of login prompts that prevent them from re-adding their security keys.
This authentication debacle represents just the latest in a series of challenges for the platform since its acquisition by Elon Musk. The social media service has navigated a turbulent path under its new ownership, marked by significant staff reductions and a near-constant stream of public controversies. While the platform itself has not provided an official statement regarding the ongoing login issues, Musk has continued his regular posting activity on the site, apparently unaffected by the technical difficulties impacting a portion of his user base.
(Source: TechCrunch)
