Elon Musk’s platform, X, is facing another storm as users report getting locked out of their accounts after a messy X security transition tied to its new authentication system. What should have been a straightforward update to the company’s two-factor authentication process has instead turned into a frustrating, time-consuming loop for thousands of people who rely on passkeys or hardware security keys. And now, many are stuck on the outside looking in.
The trouble began when X required users to switch their security keys from the old twitter.com domain to the newer x.com domain. X has slowly been phasing out the Twitter branding ever since Musk reintroduced the platform under its new identity. But retiring a domain tied to millions of login credentials is far more complicated than a name change, and the results are now showing.
For users who depend on passkeys or hardware devices like YubiKeys, the transition hasn’t gone smoothly. Instead of a quick switch, many find themselves looping endlessly between login prompts, error messages, and failed attempts to re-enroll their keys.
Some can’t log in at all, and others say the system refuses to recognize even the backup methods they set up for emergencies.
As more reports spread across social media, it’s clear that what should have been a routine update has spiraled into a widespread lockout problem.
The issue began with a simple technical truth: passkeys and physical security keys are tied to the domain they were originally set up on. In this case, that domain was twitter.com. When X moved to x.com earlier this year, the old domain started redirecting users. That change introduced a hidden problem, security keys do not transfer between domains.
So X told everyone who uses hardware-based two-factor authentication that they needed to manually un-enroll and re-enroll their keys under the new x.com domain. The announcement came on October 24, with a warning that users had until November 10 to complete the transition or risk being locked out.
When the deadline passed, the lockouts began. And they weren’t mild. For many, the platform simply won’t let them proceed, even after following the instructions exactly. Some users have no other authentication methods available, which leaves their accounts completely inaccessible.
This kind of switchover requires precise execution. But the process appears to have failed across multiple steps, leaving a significant chunk of X’s user base suddenly stranded without access.
Now that the transition window is closed, users are reporting a wide mix of problems. Some hit a dead end after trying to remove their old key. Others say the site keeps forcing them back to the same login loop.
A few are stuck with errors that don’t explain what went wrong. And because passkeys depend heavily on browser-level trust, even a small mismatch creates an authentication wall.
On top of that, the company’s communication has been limited. X did not respond to questions about the issue, and its support channels haven’t offered clear solutions. That silence has only amplified frustration for users who rely on the platform for public communication, safety alerts, or business operations.
Meanwhile, Elon Musk has continued posting as usual. His account seems unaffected by the transition, adding an ironic edge to a situation that has people locked out of the service he now owns.
Behind the scenes, this episode exposes a deeper operational challenge for X. Since Musk purchased the company for $44 billion in 2022, the platform has gone through rapid changes, major layoffs, and several rounds of restructuring.
Many longtime employees, including those working on security and infrastructure, were cut months ago. And those departures may now be catching up with the company as technical challenges pile up.
Yet the lockout problem isn’t simply a glitch, it reveals how complex identity systems are, and how much care they require during major domain transitions. Even large companies struggle with these changes. But X’s aggressive timeline and lack of clarity made the situation far more chaotic than it needed to be.
Users who depend on hardware keys often do so because they value security. These are people who want the strongest protection for their accounts. So a faulty switchover hits them harder than most. And with no easy backup route, their accounts now sit in limbo while the company decides what to do next.
Though X hoped to retire the Twitter domain and unify the platform under a new identity, the process has created one of its most frustrating user lockout events since Musk took over.
