Tumblr beefs up security with two-factor authentication


Tumblr has now joined its evolving, ever more security-conscious brethren by plugging in 2FA, it announced on Monday.

Two-factor authentication (2FA) is also known as multi-factor or two-step verification and is the process of verifying someone's identity with two out of three possible identifiers:

  • Something you know
  • Something you have
  • Something you are

Good for Tumblr. 2FA is a smart security step.

The point of 2FA is to make it tough for anybody - hackers, exes, overly dexterous pets, you name it - to get into your Tumblr account.


Once set up, users will need to enter a unique single-use code every time they log in to Tumblr.

That code will be generated by an authenticator app - Tumblr recommends Google Authenticator - or received via SMS to a phone (which, as Tumblr wisely nagged/asked, you've already password-protected, right? … Ahem! Right? That security step is smack-dab at the top of Naked Security's 10 tips for protecting your smartphone!).

2FA is already being used, to varying extents and in varying ways, by an ever-expanding list of sites, including Facebook, Google, Apple, WordPress, LinkedIn, and Twitter.

Tumblr put up a posting explaining how to set up and manage 2FA.

Here's how to turn it on:

  1. Visit your account settings.
  2. Click the "Enable" checkbox.
  3. Enter your phone number.
  4. Decide whether you'd like to receive the code via text or through the authenticator app. Tumblr recommends both, in case you need to use one as a backup. (It's worth noting that Paul Ducklin, when he was setting up 2FA for accessing the WordPress platform that Naked Security runs on, chose to get his codes sent via SMS, "thus ensuring that my login codes are delivered neither to my laptop nor my tablet, but to a vanilla mobile phone.")
  5. Follow the steps laid out in the settings page.

And there you have it.

Just like you need two keys to launch a nuclear missile (says Tumblr, in one of the scarier analogies of the day), you'll have two keys to launch Tumblr: your password and either your phone or the authenticator app.

Good luck keeping safe and, well, you know, not blowing us all to kingdom come.

Want to learn more about 2FA? I dug through the treasure trove of TechKnow podcasts to pull out one that Paul Ducklin and Chet Wisniewski recorded on the subject about a year ago:

Download Techknow podcast



One Response to Tumblr beefs up security with two-factor authentication

  1. Chuck · 520 days ago

    So they are going to demand your phone number like Google and Yahoo do? This has nothing to do with hackers and has *everything* to do with preventing anonymous accounts. It's all about data collection, tracking you across the web and nothing more. I have a gmail account. It's old and I will continue to use it. But all new accounts created for new groups and message boards will not be Yahoo or Google. All new emails and message boards that I subscribe to will allow VPNs and/or Tor. Screw all the rest. I mean really!


About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.