Same here, been reporting the broken flow to customer support. An interesting part is the "we'll send you an email to confirm you're you", followed by a "enter validation code here" screen that immediately gets forwarded to the re-enrollment message. Also, no confirmation emails are being sent. Very surprised to see this being deployed to prod.
>An interesting part is the "we'll send you an email to confirm you're you", followed by a "enter validation code here" screen that immediately gets forwarded to the re-enrollment message. Also, no confirmation emails are being sent.
This fixes it for me:
- Open incognito
- Go to https://x.com/settings/security_and_account_access
- Log in, somehow this won't trigger that re-enroll loop
- Disable two-factor auth in the settings
- Log back in your regular browser tab
Prompted a couple of times only on the mobile device. I have a YibiKey 4 so it's inconvenient to do it with a USB-C to USB-A adapter. Ignored it for a while and eventually I wasn't able to use X without "re-enroll".
So I did it on a laptop. The process seemed legit, the entire flow was weird and not intuitive, I had to stop and read twice before proceeding (e.g. "Where to store passkey", disable all other MFA ans only use Security Key, a backup recovery code was given...). After going through all that, find myself locked out of X because of the infinite re-enroll loop, OMG.
Contacted support, let's see how long it takes. After this, I don't think I'll continue to use Security Key with X...
I'm stuck in the same loop and effectively locked out of my account. I wanted to complain about this on X and of course I can't do that. I also wanted to see if I was the only one affected or it was more widespread, but of course being logged out it's impossible.
Same here, I've re-enrolled my Yubikeys 3 times so far, to the point that trying a full re-login asks "what do you want to use for 2FA?" and the list is 6+ generic named "Security Key".
Same here - simply cannot fix it, and it's somewhat annoying that it talks about Yubikeys when I'm only using on-device security keys instead. Must be very confusing for many others!
I was very confused, too. I mean, I do have a YubiKey but Twitter/X has never (or for a very very very long time not) asked me to use my YubiKey to authenticate. As far as I could remember, I only need to use OTP from Authy as 2FA to login. So the whole thing smelled really fishy.
Glad to hear I'm not alone. Just made an account on this website to type this lol.
The twitter login loops are somehow WORSE than the Microsoft login page, which is crazy to believe. I have tried to save the passkey using Bitwarden and that also doesn't work, they clearly broke something.
me too, first time I heard about this Yubikey and they said that I needed to re-enroll to unlock... This just shows how weak we are in the social network era.
Kind of crazy this made it into production, one would think the geniuses at the everything app would be using security keys themselves and would have more interest than usual in making sure the enrollment process is flawless...
Stuck in this loop also. Even re-enrolling with different Yubikeys didn't seem to solve this. It's persisting across different devices as well, happening both on iOS and on desktop.
Woke up thinking this was a bug with my device. Then I saw the email code thing, and figured I had misconfigured my domain DNS or forgotten to renew it. Who would've thought it was just x.com being x.com. Hopefully they fix it soon, this is ridiculous.
They forced turning off authenticator in the re-enroll flow for me originally. Now just stuck in a loop of authenticating. Hopefully mine comes back soon. This is frustrating.
They are indeed very, very lost. I don't understand it either. Ideally, you want multiple methods of authentication! Sigh. If I do get back in I might just try re-adding it lol.
I've been trying to re-enroll mine when they prompted me previously and it didn't work then, I have no idea why they decided to force it when enrollment wasn't working already.
Same here on 2 accounts, both having 2fa through a HW key(yubikey; though passkeys have the same behavior). At some point today(few hours ago) both my desktop and phone got reditected to x.com/account/access, where the loop started.
Frustratingly enough, i had already done the "re-enrollment" a long time ago(basically when they announced it was mandatory), but it seems like that was pointless(hopefully not).
I saw some prompts about birdhouse, re-did the enrollment, and badly enough (I think i dug my own hole with this one) it asked to remove the other 2FA option (SMS), to which I clicked yes.
This might sound bad but I sincerely hope X fixes it somehow, and all the keys enrolled/re-(re-[etc])-enrolled are not lost, especially those that were not added today. It might be a good idea (in practice, bad for security) to disable this new "https://x.com/account/access?flow=two-factor-security-key-po..." garbage fully, as I don't see myself contacting X support anytime soon(for obvious reasons).
(replying instead of editing for timestamp purposes) I clicked "enroll" randomly again > an "error has occurred" message appeared > the page randomly refreshed and everything works now.
Got here after finding myself stuck in that exact loop (which initially I assumed was a phishing attempt from a webview ad link I thought I accidentally clicked).
Looks like some users who have never used or heard of Yubikey report being locked out and stuck in the same loop.
one of the reasons i waited so long to do it is bc i knew twitter would fuck it up... and lo and behold they now force you to... anddddd they fucked it up
I take solace in the fact that for this one time i'm not the only one stuck in a bs purgatory. Is it too much to ask of a roman-saluting trillionaire to not break basic things?
Same here, been reporting the broken flow to customer support. An interesting part is the "we'll send you an email to confirm you're you", followed by a "enter validation code here" screen that immediately gets forwarded to the re-enrollment message. Also, no confirmation emails are being sent. Very surprised to see this being deployed to prod.
>An interesting part is the "we'll send you an email to confirm you're you", followed by a "enter validation code here" screen that immediately gets forwarded to the re-enrollment message. Also, no confirmation emails are being sent.
That is _exactly_ what happens to me.
on android and browser i get that behavior, on ios it just says "something went wrong" after the email confirm part
Same on iOS, with the fun bonus of the "something went wrong" modal looping as well! (Without retrying, you're just stuck in modal hell)
Same for me, I cannot do anything. Looks like someone did not test its code before deployment
my exact same experience... you knew they would fuck it up... and they have!
If "we need to have this done by Nov 12th" is the milestone they were going for, and not a functional flow, then it was a great success.
This fixes it for me: - Open incognito - Go to https://x.com/settings/security_and_account_access - Log in, somehow this won't trigger that re-enroll loop - Disable two-factor auth in the settings - Log back in your regular browser tab
Same for me. I've seen many people being back to normal though.
I re-enrolled on mobile using a Yubikey NFC with the iOS app back in October when prompted.
Force logged-out today from a session on Desktop Chrome. Stuck in the loop. Force logged-out on iOS app.
Burnt recovery code in further attempts.
Tried again when support asked me to by email. Got a "suspicious login attempt prevented" message. That's 2 hours ago. Silence from support since.
Tried again, back to the loop (the "suspicious login attempt" message is gone), but I'm still not able to re-enroll the key.
Anyone can describe their setup that managed to login again?
Update: back to normal. I can login
Prompted a couple of times only on the mobile device. I have a YibiKey 4 so it's inconvenient to do it with a USB-C to USB-A adapter. Ignored it for a while and eventually I wasn't able to use X without "re-enroll".
So I did it on a laptop. The process seemed legit, the entire flow was weird and not intuitive, I had to stop and read twice before proceeding (e.g. "Where to store passkey", disable all other MFA ans only use Security Key, a backup recovery code was given...). After going through all that, find myself locked out of X because of the infinite re-enroll loop, OMG.
Contacted support, let's see how long it takes. After this, I don't think I'll continue to use Security Key with X...
Great idea to let the bullets fly. After taking a nap, the issue was fixed by X
Text message and Authenticator were disabled, two Yubikeys present in Security Keys. I don't get the idea of this process.
Oh wow, here's the thread I was looking for.
I'm stuck in the same loop and effectively locked out of my account. I wanted to complain about this on X and of course I can't do that. I also wanted to see if I was the only one affected or it was more widespread, but of course being logged out it's impossible.
Thankfully there's still HN :)
I'm still locked out too.. No clue what to do. I just did a support ticket.
Same here, I've re-enrolled my Yubikeys 3 times so far, to the point that trying a full re-login asks "what do you want to use for 2FA?" and the list is 6+ generic named "Security Key".
Same here - simply cannot fix it, and it's somewhat annoying that it talks about Yubikeys when I'm only using on-device security keys instead. Must be very confusing for many others!
I was very confused, too. I mean, I do have a YubiKey but Twitter/X has never (or for a very very very long time not) asked me to use my YubiKey to authenticate. As far as I could remember, I only need to use OTP from Authy as 2FA to login. So the whole thing smelled really fishy.
Yeah same for me, re-registering the Passkey in Bitwarden worked but it just loops after that with the same message. "Testing in prod" I guess.
EDIT: they fixed it now
Grok says they are reverting the changes now, should be fixed soon. Funny I can still get in to Gork.
Glad to hear I'm not alone. Just made an account on this website to type this lol.
The twitter login loops are somehow WORSE than the Microsoft login page, which is crazy to believe. I have tried to save the passkey using Bitwarden and that also doesn't work, they clearly broke something.
me too, first time I heard about this Yubikey and they said that I needed to re-enroll to unlock... This just shows how weak we are in the social network era.
"Get a YubiKey," they said. "It'll be fun!," they said.
Grrrrr.....stuck like Chuck.
What gets me is that I re-enrolled weeks ago and still got stuck in this loop. Sigh.
Uh-oh, looks like the only way out is to unenroll security key completely (if it was enrolled when DNS rebrand was not done).
Kind of crazy this made it into production, one would think the geniuses at the everything app would be using security keys themselves and would have more interest than usual in making sure the enrollment process is flawless...
The post is gaining traction as more than a dozen users, including me, report the same issue.
Stuck in this loop also. Even re-enrolling with different Yubikeys didn't seem to solve this. It's persisting across different devices as well, happening both on iOS and on desktop.
I am stuck in this loop as well. All devices, all attempts to clear cookies, log out and back in, etc, don't work.
twitter login is trash. The captchas, the loops, the verifications. It has always been clunky as hell.
Happened to me as well.
Side note, why isn't this on the front page? The points to recency ratio seems high enough.
Woke up thinking this was a bug with my device. Then I saw the email code thing, and figured I had misconfigured my domain DNS or forgotten to renew it. Who would've thought it was just x.com being x.com. Hopefully they fix it soon, this is ridiculous.
Looks like they only test in `prod`. Probably they used grok to generate the tests code ;)
My account seems to be back, I didn't do anything. Just went to X and now it loads.
Now to see what configuration is set for 2fa on my account...
Looks like my traditional 2fa method was removed and only the security key is left.
They forced turning off authenticator in the re-enroll flow for me originally. Now just stuck in a loop of authenticating. Hopefully mine comes back soon. This is frustrating.
Please explain to me how deactivating the "normal" 2fa is a good idea, they are so lost.
And idk man, I simply clicked on an article on Google and it loaded right up lol. Looks like they are reverting, try refreshing.
They are indeed very, very lost. I don't understand it either. Ideally, you want multiple methods of authentication! Sigh. If I do get back in I might just try re-adding it lol.
Thank you for your insight.
Looks like it's fully reverted now, try again.
I've been trying to re-enroll mine when they prompted me previously and it didn't work then, I have no idea why they decided to force it when enrollment wasn't working already.
Same here stuck in the Loop myself Added Iphone passkey tried loggin in but nothing
I don't even know what a Yubikey is and I'm stuck in this loop
Same here, tried 3 times and it seemed to be endless.
What happened to phased rollouts in production?
See also:
https://www.reddit.com/r/Twitter/comments/1ovd3wz/im_not_abl...
https://www.windowscentral.com/software-apps/live/x-goes-dow...
Also happening here across two accounts.
Same problem here. Got logged out 30 min ago, can’t get back in. This is what happens when you hire Indians.
Also stuck in this endless loop.
Same - this should be a major SEV
Looks like they reverted the changes, I was able to get back in.
And looks like in the process any drafts users may have had are all gone now.
stuck but I've never used any hardware security keys on my account
Yep, this is me as well.
they just fixed it for me (well I'm not stuck in the loop anymore idk if they "fixed" fixed it yet)
Did you have to relog in or complete the flow one more time or?
I'm stuck .... how can this go to prod.
good to know I'm not alone, can't figure out how to get out of the re-enroll deadlock.
Same here on 2 accounts, both having 2fa through a HW key(yubikey; though passkeys have the same behavior). At some point today(few hours ago) both my desktop and phone got reditected to x.com/account/access, where the loop started.
Frustratingly enough, i had already done the "re-enrollment" a long time ago(basically when they announced it was mandatory), but it seems like that was pointless(hopefully not).
I saw some prompts about birdhouse, re-did the enrollment, and badly enough (I think i dug my own hole with this one) it asked to remove the other 2FA option (SMS), to which I clicked yes.
This might sound bad but I sincerely hope X fixes it somehow, and all the keys enrolled/re-(re-[etc])-enrolled are not lost, especially those that were not added today. It might be a good idea (in practice, bad for security) to disable this new "https://x.com/account/access?flow=two-factor-security-key-po..." garbage fully, as I don't see myself contacting X support anytime soon(for obvious reasons).
(replying instead of editing for timestamp purposes) I clicked "enroll" randomly again > an "error has occurred" message appeared > the page randomly refreshed and everything works now.
im not alone. i have all same problem. Anyone know what happened?
This might never be fixed.
thats a bit weird from you
edit: OP originally said 'This is what happens when you hire Indian engineers'
Now it works, at least for me. Try now!
Got here after finding myself stuck in that exact loop (which initially I assumed was a phishing attempt from a webview ad link I thought I accidentally clicked).
Looks like some users who have never used or heard of Yubikey report being locked out and stuck in the same loop.
locked as well rip
What a shitty UX, the only account I could sign in into was an old unused one
nice to know i'm not specifically fucked here i guess
one of the reasons i waited so long to do it is bc i knew twitter would fuck it up... and lo and behold they now force you to... anddddd they fucked it up
smh. who pushed this nonsense to prod. I'm locked out too lol
same
me too
FFS. Me to.
I take solace in the fact that for this one time i'm not the only one stuck in a bs purgatory. Is it too much to ask of a roman-saluting trillionaire to not break basic things?