How to use Tumblr's new two-factor authentication

Tumblr joins a large number of online services that are making it harder for hackers to break into your account

Another major online service is making your login more secure. Yahoo-owned Tumblr announced on Monday that two-factor authentication is finally available for the microblogging site.

Two-factor authentication is an important security measure that can protect your online accounts. Instead of relying on just a username and password combination, two-factor authentication requires a one-time passcode every time you login. These codes are typically generated by a smartphone or special key fob.

Without access to the one-time password generator, hackers will have a much harder time breaking into your account.

The new feature is available now in the Settings section of the Tumblr website.

How to enable Tumblr's two-factor authentication

Navigate to your Tumblr settings page from a PC and login. Under the security section, click the slider button next to "Two-factor authentication."

You'll now be asked to re-enter your password as well as supply your mobile phone number so Tumblr can send you an SMS with your initial login code. Once you've entered all the pertinent information click Send.

A new entry box will appear on your settings page asking for a six-digit login code. In a few seconds you should receive the login code sent to the phone number you supplied in the previous step. Enter that code into the entry box and click Enable.

That's it! You're secured with two-factor authentication. Now every time you login to Tumblr you will have to enter your username, password, and a six-digit one-time passcode supplied by your phone.

Authentication apps

By default, Tumblr will send these codes to you via SMS, but it's much handier to have a dedicated authentication app installed on your phone, such as Google's Authenticator app for Android, iOS, and Blackberry OS 4.5 to 7.0.

To set-up an authenticator app, just click the slider that says "Generate code via authenticator app." You'll then have to scan a QR code using your authenticator app and then enter a practice code to make sure everything is working properly.

For more information on how to use an authenticator app check out PCWorld's Online security: your two-factor authorization checklist.

With two-factor authentication enabled, you'll need to generate and enter special one-time passwords to login to Tumblr's mobile apps for Android and iOS. If you're already logged in on your phone or tablet you won't need to worry about this step for now.

But the next time you log out of the app or set-up a new device you will--unless Tumblr adds two-factor support to its mobile apps by then.

Generating a one-time password is simple.

Just tap the Generate mobile password button on your Tumblr account settings page on your PC, then enter the generated password in place of your usual password into your mobile app.

Tumblr joins a long list of online services that are making it harder for hackers to break into your accounts thanks to two-factor authentication. Other services that also use the feature include Dropbox, Evernote, Facebook, Google, Lastpass, Microsoft, and Twitter.

Two-factor authentication isn't bullet proof, but you are far better off to have it activated than not.

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicessecurityTumblrsocial networkingauthenticationinternet

More about DropboxEvernoteFacebookGoogleMicrosoftQRYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ian Paul

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts