Thousands of users of Elon Musk’s platform X are reporting widespread login problems after a mandatory change to two-factor authentication. Many are stuck in endless loops or completely locked out of their accounts — a situation that has generated frustration across social media.
On October 24, X announced that users who rely on passwords or hardware security keys, such as YubiKeys, must re-register using the x.com domain. Users who use authenticator apps are not affected.
According to the company behind Elon Musk, this measure is part of the process of retiring the older twitter.com domain. Since May 2024, the old address has automatically redirected to x.com, which is now intended to be the sole active domain. Because passwords and security keys were tied to the previous domain, however, they could not be transferred automatically.
To continue using their accounts, users must first unregister their existing method and then register it again under the new x.com domain. While that sounds straightforward, the process has caused significant problems in practice.
Users report error messages and login loops
After the re-registration deadline passed on November 10, reports of login failures began to increase. Many users say they cannot log in at all despite following the instructions. Others describe being trapped in an endless loop in which the platform repeatedly requests re-authentication without completing the process.
On platforms such as Reddit and Mastodon, affected users have shared screenshots showing error messages like “Authentication failed” or “Key not recognized.” Some users have also noted that their security keys are no longer recognized because the system is still attempting to verify against the old twitter.com domain.
Growing criticism of Elon Musk’s handling
This is not the first time X has faced technical troubles or criticism over security issues. Since Elon Musk acquired Twitter for $44 billion and rebranded it as X, the platform has undergone major staff reductions and several reorganizations. Many observers say these changes have negatively affected technical stability.
Several users and security experts have expressed concern that the domain change was not implemented gradually. “Disconnecting a previously secure domain without an automated transition process is a high-risk decision,” a security consultant wrote on social media. “It risks locking out legitimate users and undermining trust in the platform.”
X has not yet commented
When IT-Branschen sought comment from X, the company had not responded. Elon Musk himself has continued to post on the platform as usual, and there has been no public acknowledgment from him about the ongoing issues with security keys or logins.
While a fix is awaited, users are being advised to switch to authenticator apps or create new accounts to regain access — advice that has further frustrated long-time users.
A growing trust problem
For Elon Musk, this episode is another example of how changes at X provoke strong reactions. Since the takeover, the platform has faced criticism over poor communication, unstable features and an unpredictable development path.
It remains to be seen whether the company can restore users’ trust. What is clear is that thousands of people are now without access to their accounts — an ironic outcome of a security update intended to improve safety.