Urgent Action Required for X Users with Security Keys

The social media platform X has issued a critical security alert for users who rely on hardware-based two-factor authentication (2FA). The company is urging individuals using passkeys and physical security keys, like Yubikeys, to re-enroll their devices to ensure uninterrupted access to their accounts. The deadline for this mandatory action is November 10, 2025. Failure to comply will result in users being locked out of their accounts until corrective measures are taken.

In a public statement, X’s Safety handle outlined the consequences of inaction. The post read, “After November 10, if you haven’t re-enrolled a security key, your account will be locked until you: re-enroll; choose a different 2FA method; or elect not to use 2FA (but we always recommend you use 2FA to protect your account!).” This directive applies to users who need to either re-register their existing security key or enroll a completely new one.

Domain Retirement Prompts Authentication Update

This security measure is a component of X’s larger initiative to formally retire the original twitter[.]com domain. The company, which was rebranded from Twitter to X in July 2023 following its acquisition by Elon Musk in October 2022, is updating its systems to finalize the transition. By requiring the re-enrollment of security keys, X ensures that its authentication protocols are fully aligned with the new domain infrastructure, preventing access issues for its most security-conscious users.

In a follow-up post, X clarified that the change is specific to hardware-based 2FA methods. Users who have enabled two-factor authentication through other means, such as an authenticator app or SMS codes, are not affected by this mandate and do not need to take any action with their accounts.