X Urges Users to Re-enroll Passkeys and YubiKeys for 2FA by November 10, 2025

The social media platform X (formerly Twitter) has issued a critical notice to users employing passkeys or hardware security keys, such as YubiKeys, for two-factor authentication (2FA). Users are required to re-enroll these authentication methods before November 10, 2025, to avoid potential account lockouts. This directive applies to all X users utilizing these advanced 2FA methods.

Passkeys and hardware security keys are considered more secure than traditional 2FA methods like SMS or time-based one-time passwords (TOTP). They leverage public-key cryptography and physical security tokens to provide robust protection against phishing and other attack vectors. The necessity to re-enroll these devices suggests a significant update in X's authentication infrastructure, possibly to address security vulnerabilities or to migrate to a new protocol.

The impact of this change is substantial. Users who fail to comply risk losing access to their accounts, which could be disruptive, especially for those who rely on X for business or personal communication. For the cybersecurity landscape, this move underscores the importance of maintaining up-to-date authentication mechanisms and the need for proactive security measures.

From an expert perspective, this re-enrollment requirement could be part of a broader effort to enhance security. It might involve updating cryptographic keys or implementing new authentication standards. Organizations should take note of this development and consider reviewing their own authentication practices to ensure they remain secure and up-to-date.

For users, the immediate action is clear: re-enroll your passkeys or hardware security keys by the specified deadline. For those who prefer not to use these methods, switching to another 2FA option is available, though disabling 2FA entirely is not recommended due to the increased security risks.