Reports are surfacing on social media indicating that users of Elon Musk’s X are encountering persistent loops and, in some instances, being locked out of their X accounts, following a compulsory two-factor security update that appears to have malfunctioned.

On October 24, X announced in a post that it was requesting users who depend on passkeys or hardware security keys (like YubiKeys) for their two-factor authentication to re-enroll via the x.com domain. (Those utilizing an authenticator app are not impacted.)

X indicated that this was part of a strategy to phase out the obsolete twitter.com domain, which currently redirects to x.com. This modification became effective in May 2024. The issue arises from the fact that passkeys and security keys are digitally associated with the previous twitter.com domain and cannot be shifted to x.com. Consequently, users must manually un-enroll and re-enroll using the new x.com domain.

In conjunction with the transition, X cautioned that after November 10, users would have their accounts locked until they either re-enroll or opt for a different two-factor authentication method. 

With the deadline now passed, numerous users are reporting lockouts from their accounts and are unable to re-enroll their passkeys or security keys, citing error messages or becoming trapped in an endless loop.

This latest dilemma is the most recent challenge faced by X, which is now under Elon Musk’s ownership after he acquired Twitter, as it was formerly named, for $44 billion. Since Musk took over the social networking platform, the company has undergone substantial layoffs and faced various controversies.

X did not provide a response to a request for comment, but Musk, now the owner of X, has been posting as usual, seemingly unaffected by the change.