Urgent Security Action Required for X Users: Re-Enroll Your Passkeys and YubiKeys Immediately
If you use the social media platform X and rely on advanced security measures to protect your account, it’s time for a critical security check-in. A recent system-wide update requires immediate action from users who have enabled two-factor authentication (2FA) with a passkey or a physical security key, such as a YubiKey.
To maintain uninterrupted access to your account, you must re-enroll your existing passkeys and security keys before November 10, 2023. This is a mandatory step to align with the platform’s enhanced security infrastructure.
What’s Changing with X’s Security?
In a proactive move to strengthen account protection, X has revamped its underlying system for handling hardware-based two-factor authentication. While this is a positive development for long-term security, it means that previously registered passkeys and physical keys are no longer compatible with the new architecture.
Think of it as the platform changing the locks on its digital doors. Your old key won’t work anymore, and you need to get a new one cut—even if it’s for the same door. This process ensures that every security key communicating with the platform is using the latest, most secure protocols.
Who Needs to Take Action?
This security update specifically targets a subset of users. You need to act if you use one of the following methods for 2FA on your X account:
- Passkeys: This includes passkeys stored on your iPhone, Android device, or computer (e.g., via Windows Hello).
- Physical Security Keys: This applies to hardware tokens like YubiKey, Google Titan Security Key, or other FIDO-compliant devices.
If you exclusively use SMS text messages or an authenticator app (like Google Authenticator or Authy) for 2FA, you are not affected by this specific update and no action is required on your part.
Step-by-Step Guide to Re-Enrolling Your Security Key
Taking action is straightforward and should only take a few minutes. It is crucial to complete these steps from a trusted device where you are already logged into your X account.
- Log In to X: Access your account on a web browser or the official mobile app.
- Navigate to Security Settings: Go to “Settings and privacy,” then select “Security and account access,” and finally click on “Security.”
- Manage 2FA: Open the “Two-factor authentication” menu. You will see your currently enabled security methods.
- Remove Your Old Key: Find the section for “Security key” or “Passkey.” Select the option to manage your keys, and then remove or revoke the existing key(s) associated with your account.
- Re-Add Your Key: Immediately after removing the old one, select the option to “Add a new security key” or “Add a passkey.” Follow the on-screen prompts to register the exact same key or passkey you just removed.
- Confirm and Verify: Once re-enrolled, your security key will be synced with the updated system. It’s a good practice to log out and log back in using the key to ensure everything is working correctly.
It is highly recommended to have a backup authentication method, such as an authenticator app, enabled on your account before starting this process. This provides a safety net in case you encounter any issues.
The Critical Deadline: What Happens After November 10th?
Failing to re-enroll your security key or passkey before the deadline comes with a significant risk. After this date, the old registrations will be fully deactivated.
If you do not take action, you may be unable to use your passkey or physical key to log in to your X account. This could lead to a temporary lockout until you can verify your identity through other means, which can be a time-consuming and frustrating process.
Why This Precaution is Worth Your Time
While it may seem like a minor inconvenience, this update is a vital step in protecting your digital identity. Hardware-based 2FA is the gold standard for account security, offering superior protection against phishing attacks and unauthorized access compared to SMS-based methods.
By taking a few minutes to re-enroll your device, you ensure your account remains fortified with the most robust security technology available. Don’t wait until it’s too late—secure your X account today.
Source: https://securityaffairs.com/183928/security/x-warns-users-to-re-enroll-passkeys-and-yubikeys-for-2fa-by-nov-10.html
