We’re seeing reports across social media that users of Elon Musk’s X are getting stuck in endless loops and, in some cases, getting locked out of their X account, following a mandatory two-factor security change that seems to have gone wrong.

On October 24, X said in a post that it was asking users who rely on passkeys or hardware security keys (such as Yubikeys) as their method of two-factor authentication to re-enroll using the x.com domain. (Users who use an authenticator app are unaffected.)

X said this was part of an effort to retire the older twitter.com domain, which currently redirects to x.com. That change took effect in May 2024. The problem is that passkeys and security keys are digitally tied to the old twitter.com domain and can’t be transferred to x.com. That means users

See Full Page