Today, WordPress joined the ranks of Google, Apple and others in announcing support for two-factor authentication for its user accounts. The only thing you need to take advantage of this added layer of security is a cellphone. If you have a smartphone (iPhone, Android or BlackBerry), you can download the Google Authenticator app to display the login codes. If you don’t have a smartphone or prefer not to use the Google Authenticator app, you can choose to have the authentication codes sent via SMS to your handset.
If you choose to go the Google route, you have the option to generate “backup codes” and “application specific passwords”. The backup codes should be written down and stored in a safe place; you’ll need to use those if you lose or forget your phone and need access to your account. They’re single use and you get ten.
The application specific passwords are for apps that store a password and aren’t capable of interacting with a user for the verification code (the WordPress app for iPad is a good example).
I’ve been using the two-factor authentication from Google for my email account, hosted services and some linked accounts for quite a while now, and the added security is absolutely worth the extra few seconds it takes to log in. And while we’re on the subject of two-factor authentication, if you’d like to use your Google Authenticator app to provide an added layer of security to an SSH account (provided you have root access), there’s a great tutorial here.
A detailed write-up with step-by-step directions on how to enable this fantastic security feature for your account is available here: