X urges users with passkeys or YubiKeys to re-enroll 2FA by Nov 10, 2025, or risk account lockout. Re-enroll, switch 2FA, or disable it.
Social media platform X is urging users who use passkeys or hardware security keys like YubiKeys for two-factor authentication (2FA) to re-enroll their keys by November 10, 2025, to keep account access. After that date, accounts without re-enrollment will be locked until users re-enroll, switch to another 2FA method, or disable 2FA, though X strongly recommends keeping 2FA enabled for security.
Users don’t need to take any action if they use other 2FA methods, such as authenticator apps.
The company clarified that the re-enrollment of security keys and passkeys is due to the migration from twitter.com to x.com, not a security incident. Keys tied to twitter.com will stop working after November 10.
In October 2022, SpaceX and Elon Musk bought Twitter and rebranded it as X in July 2023. The request to re-enroll the users’ key to continue accessing the social media platform is due to the new owners’ decision to retire the twitter.com domain.
Users must re-enroll, switch to another 2FA method, or disable 2FA (not recommended) to regain access. The process requires visiting x.com/settings, disabling old keys, re-enrolling, and confirming with a password.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Twitter)
