Security, Squared: Introducing Two Step Authentication
We all build our blogs to be accessible and inviting, but we also want to make sure that our account and the information it contains are safe and secure. All WordPress.com blogs are already password-protected (if you’re not sure your password is strong enough, here are some tips). Now, with the introduction of Two Step Authentication, your account can become virtually impenetrable.
Why the extra step?
If an unauthorized person gains access to your account, the damage can be severe: your blog can be deleted, your posts modified or defaced, and whatever personal information your account contains becomes vulnerable. While it’s extremely difficult to crack a robust password, it’s not impossible.
Enter Two Step Authentication, an optional added layer of security. Once activated, you will log in to WordPress.com using not only your password, but also a randomly generated code. This code is highly time-sensitive, valid for thirty seconds only — this way, it’s all but impossible to guess. Imagine a basketball player trying to score a cross-court shot while blindfolded. Now imagine the same player trying to make the same shot, only with a basket that is constantly and rapidly moving: that’s the advantage Two Step Authentication gives your account security.
Activating Two Step Authentication
Taking advantage of this increased security feature is easy and straightforward: the only thing you need, other than a WordPress.com account and password, is a cell phone (no memorization required!). If you have a camera-equipped smartphone (an iPhone, Android, or BlackBerry), you will need to download the Google Authenticator app, which will provide you with the changing code. If you don’t have a smartphone, you can still use Two Step Authentication: the codes will be sent to you via SMS.
First, activate Two Step Authentication in your WordPress.com account. Hover on the WordPress.com logo at the top left corner of your screen and click on Settings. Now, click on the Security tab and enable Two Step Authentication. A setup wizard will guide you through the necessary steps.
Even if you don’t have a smartphone, the wizard will help you activate Two Step Authentication via SMS: just click on the link at the bottom of the box.
Two Step Authentication in action
We must stress two points before you activate Two Step Authentication:
- Keep the Google Authenticator app on your phone. It’s important to keep the Google Authenticator app on your phone, since it is the app that generates the code required to log in. Deleting the app can lock you out of your WordPress.com account.
- Print out backup codes. It’s crucial to understand that you will no longer be able to log in to WordPress.com without a code once you activate Two Step Authentication. It’s therefore essential that you follow the setup wizard’s instructions to generate and print out a set of backup codes. Once you’ve printed those out, keep them in a safe place. A backup code will allow you to access your account in the event that your phone is lost, stolen, or in case you’ve mistakenly deleted Google Authenticator from your phone. Without a backup code you risk locking yourself out of your account.
That’s it: with these few short steps your account is now considerably safer. Time to blog!
For additional details on Two Step Authentication, please visit the related support page.