WordPress announces the availability of Two-Factor Authentication

wordpress-logo-notext-rgbI’d like to preface this entire post with this: Way to go WordPress! I’m very excited to see this feature!

Today, WordPress joined the ranks of Google,  Apple and others in announcing support for two-factor authentication for it’s user accounts.  The only thing you need to take advantage of this added layer of security is a cellphone.  If you have a smartphone (iPhone, Android or Blackberry) then you can download the Google Authenticator app to display the login codes.  If you don’t have a smartphone or prefer not to use the Google Authenticator app, you can choose to have the authentication codes sent via SMS to your handset.

If you choose to go the Google route, you have the option to generate “backup codes” and “application specific passwords”.  The backup codes should be written down and stored in a safe place, you’ll need to use those if you lose/forget your phone and need access to your account. They’re single use and you get ten.

The application specific passwords are for apps that store a password and aren’t capable of interacting with a user for the verification code (the WordPress app for iPad is a good example).

I’ve been using the two-factor authentication from Google for my email account, hosted services and some linked accounts for quite a while now, and the added security is absolutely worth the extra few seconds it takes to login.  And while we’re on the subject of two-factor authentication; if you’d like to use your Google Authenticator app to provide an added layer of security to an SSH account (provided you have root access) there’s a great tutorial here.

A detailed write-up with step-by-step directions on how to enable this fantastic security feature for your account is available here:
http://en.support.wordpress.com/security/two-step-authentication/

3 thoughts on “WordPress announces the availability of Two-Factor Authentication

  1. Hi, I enabled the 2-Step Verification via my Gmail account but then I stopped getting emails whenever folks commented on my site. My contact form also stopped working and I assumed the 2-Step was blocking the messages. Do you know of a workaround to this? Can we actually set up an APS for a self-hosted WP site? And would it work? I’m not trying to use a smartphone app or trying to access my site via a mobile device. I just liked the added layer of security. Thanks!

  2. Hi, I recently enabled 2-Step Authentication for my Gmail account. I stopped receiving emails from readers who comment on my site. My site contact form also stopped working. After reading different threads, I’m still unclear if I can create an APS for a self-hosted WP site. I don’t use any smart phone apps, I simply liked the added layer of security. As it stands now, I revoked 2-Step so my email isn’t affected. Do you know how to use 2-Step and not have it interfere with SMTP email delivery? The wonderful WP Mail SMTP plug-in fails to work with 2-Step. Thanks!

Leave a reply below!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s