Twitter to Lock Down Accounts Using Hardware Security Keys for Two-Factor Authentication (2FA)
All X (formerly Twitter) users are now being notified about an important change regarding the use of hardware security keys for two-factor authentication (2FA).
Starting on November 10, 2025, if users wish to continue utilizing hardware security keys (also known as passkeys) for 2FA, they must re-enroll their accounts by this date. Failure to do so will result in their accounts being locked, meaning they will no longer have access to the platform.
The company has made it clear that users who depend on physical hardware security keys—such as YubiKeys and other passkey devices—are affected by this update. This move is part of a broader initiative to streamline and enhance the security infrastructure for X’s users. After the cutoff date, any accounts still relying on outdated security configurations will face a lockout until the necessary steps to re-enroll have been completed.
Why Is Twitter (X) Making This Change?
Hardware security keys are designed to enhance the security of online accounts by providing an extra layer of protection beyond just usernames and passwords. These physical devices act as a form of authentication during the login process, ensuring that even if a hacker obtains your password, they cannot access your account without having the actual device in hand.
X has stated that after November 10, 2025, the company will phase out services linked to Twitter.com, making way for a more robust system that integrates hardware security keys directly with X.com. This change will help the company retire Twitter.com in an orderly manner by the end of this year.
The move is also part of broader efforts to protect users from phishing attacks, financial fraud, and malware-based threats. According to security analysts, physical security keys were previously linked to the Twitter.com domain, but after the transition, only accounts that have re-enrolled through the new system will maintain secure access.
What Does This Mean for Users?
For users unfamiliar with the concept of security keys, this process ensures that if a hacker somehow gains access to an account password, they would still need to have physical access to the user’s security device in order to make any changes to the account. This provides an added layer of protection, making it significantly harder for malicious actors to successfully compromise an account.
To avoid account lockout, X urges all users to re-enroll their security keys before the deadline. If you are currently using a hardware security key, ensure that it is properly linked to your account through X’s updated security procedures.
TCS Denies Marks & Spencer Cyber Attack Claims Amid $1 Billion Contract Dispute
In a dramatic development earlier this year, the UK-based fashion retailer Marks & Spencer (M&S) was the victim of a severe cyber attack that resulted in losses exceeding £300 million. The company initially blamed its Indian technology partner Tata Consultancy Services (TCS), a major IT outsourcing firm, for the breach, claiming that TCS was responsible for the vulnerability that allowed the hacking group to infiltrate their network.
In response to the attack, Marks and Spencer decided to terminate its $1 billion contract with TCS, a move that shocked the industry. However, TCS has vehemently denied these claims, labeling them as “baseless.” The Indian tech giant also emphasized that M&S had been considering shifting partners well before the cyber attack occurred, dating back to January 2025, long before the breach took place.
The Growing Dispute: Is TCS to Blame?
Sources close to M&S have suggested that the decision to end the contract and accuse TCS might not be entirely about the breach itself but could also be influenced by other factors. These include the company’s desire to cut ties with TCS and find a more competitive partner in the rapidly evolving tech services market. According to these sources, the contract breakup has led to a significant drop in TCS’s stock market performance, further complicating the situation.
Interestingly, reports from The Telegraph, which first broke the story, have suggested that there could be more to this saga than meets the eye. The publication has faced accusations of sensationalizing the situation, with some industry experts questioning the accuracy and motives behind the claims. This controversy over the cyber attack, combined with TCS’s ongoing denials, adds a layer of complexity to the matter.
A Wider Trend?
The Telegraph, known for its detailed coverage of international business, has been under scrutiny for its potential bias against companies based in Asian countries, particularly India. Some experts believe the publication may be exaggerating the situation or framing the issue in a way that paints TCS negatively. This has raised questions about the motivations behind the reports and whether they accurately reflect the events that led up to the cyber attack.
Given the long history of outsourcing between the UK and India, this situation may just be one piece of a larger narrative in the evolving global landscape of technology and business partnerships.
Conclusion
While the situation between M&S and TCS remains fluid, both companies continue to dispute the claims. M&S is reeling from the financial damage caused by the attack, and TCS is determined to clear its name. Whether this will lead to legal action or a resolution remains to be seen, but the case highlights the growing risks of cyber threats and the complexities of outsourcing in today’s interconnected digital world.
Join our LinkedIn group Information Security Community!
