Social media platform X has issued a mandatory directive for users who have secured their accounts with passkeys or physical hardware security keys like Yubikeys, urging them to re-enroll their key to maintain access to the service. Users must complete this process, either with their current key or a new one, by the deadline of November 10, 2025. The company’s Safety team has explicitly warned that accounts failing to meet this deadline will be locked until the user chooses one of three options: re-enroll the security key, switch to an alternative 2FA method, or elect to disable 2FA entirely, though the latter is strongly discouraged for security reasons.
The necessity for this action stems from X’s ongoing effort to completely retire the original twitter.com domain following its rebrand from Twitter to X in July 2023. Currently, any security key previously enrolled for 2FA is still technically tied to the retired Twitter domain. By initiating a re-enrollment, users are effectively associating their security keys with the current x.com domain, thereby allowing X to finalize the sunsetting of its former web address. The original platform was acquired by Elon Musk in October 2022, and this key change is a technical step in its full transition.
It is important for users to note that this requirement does not apply to everyone who utilizes two-factor authentication. Users who have enrolled for 2FA using authenticator apps like Google Authenticator or other similar methods are exempt from this mandatory re-enrollment and do not need to take any action. The only users affected are those specifically utilizing the physical hardware keys or passkeys. X also offers 2FA via text message, but this option has been restricted to Premium subscribers since March 2023.
Once the November 10 deadline passes, any non-compliant account will be automatically locked. To regain access, users will be prompted to re-enroll their key, which will properly link it to the x.com domain. Alternatively, they can opt to switch to a different 2FA method, such as an authenticator app, or, as a last resort, disable 2FA altogether. X’s official guidance, however, is to always use a strong 2FA method to protect accounts from unauthorized access.
Users who need to complete the re-enrollment can do so through their account settings by navigating to Settings and privacy and then proceeding to Security and account access. From there, under the Security tab, select Two-factor authentication and then Security key. After choosing Manage security keys and deleting the existing key, the user can select the Security key option again, enter their X password, and confirm via a code sent to their email. Finally, following the on-screen instructions, the user will click Start, insert their key into the computer’s USB port (or connect via Bluetooth/NFC), and then touch the button on the key to finish the setup process.
Reference:
