Forced Two Step Authentication

  • dokumentor · Member ·

    Im getting a message that Two Step Authentication will be FORCED on my wordpress account. I never asked for it and I dont need it.

    Weird enough to disable 2FA the help page says it must be enabled. This sounds like a kafkaesk Catch22 policy if Im not able to disable it cause Im not able to login.

    The blog I need help with is: (visible only to logged in users)

  • galois · Member ·

    Im getting a message that Two Step Authentication will be FORCED on my wordpress account. I never asked for it and I dont need it.

    Me too.

  • mistressneko · Member ·

    Getting the same message… don’t have a smartphone, don’t WANT a &#*ning smartphone, does this mean I’m about to get locked out of my blog?

    This better not be the case… current way to log in works fine so don’t screw things up!!

    God I hate when this sort of stuff just come along out of the blue…

  • kerrymurrayphotography · Member ·

    I have the same issue. I have no interest in having 2 step authentication. Why is this being forced on us?

  • wcieniu · Member ·

    I fully support what users above said. I do not need 2FA – if I needed I would choose the authorization via e-mail or desktop app but I read that wordpress does not provide it and I have to buy a smartphone in one month to continue to use my wordpress account. Quite ridiculous thing.

  • themagicrobot · Member ·

    Are WordPress.com about to kick me out after nine years?? I don’t want to have the added complication of using a smartphone to access my site. Look how often people change/upgrade/lose/have stolen their mobile phones. If this is compulsory I predict it will be a disaster.

  • galois · Member ·

    Are WordPress.com about to kick me out after nine years?? I don’t want to have the added complication of using a smartphone to access my site. Look how often people change/upgrade/lose/have stolen their mobile phones. If this is compulsory I predict it will be a disaster.

    I totally agree-> disaster.

  • michaeldavis49008 · Member ·

    I really don’t want this, either.

  • churchmouse · Member ·

    I also do not want or need 2FA.

    I don’t work on a mobile device, only on my desktop.

    Very disappointing to find out that I will need to spend money on a mobile phone then check it for a code every time I want to log on.

    This is a terrible, absurd and — as someone else here said, Kafkaesque — development.

    WordPress should drop this upcoming mandatory requirement and everyday nuisance immediately.

    Thank you in advance for your consideration.

  • guyhickey · Member ·

    I don’t have a mobile phone and don’t really want one. I don’t know much about 2FA (will be doing some research in a moment) but I hope having a phone isn’t a requirement after April 7th. Hmm…

  • juliette2410 · Member ·

    I have the same message this morning
    I have no smartphone so what happen ?
    I don’t understand very well the problem , I’m french , could somebody explain it to me , thanks a lot

  • themagicrobot · Member ·

    Have you read just how complicated it is to set this nonsense up??

    What is Two Step Authentication?

    Two step authentication is a method of securing accounts requiring that you not only know something (a password) to log in but also that you possess something (your mobile device). The benefit of this approach to security is that even if someone guesses your password, they need to have also stolen your possession in order to break into your account.

    At WordPress.com, we offer two step authentication via mobile device. We first verify your mobile device by sending a code via one of a couple of methods. Once you’ve verified your device, any time you log in with your password, we send a new code to your device, which you must input before logging in. It adds a small extra step to the login process but makes your account much more secure.

    To set up two step authentication via an authenticator application on your device, you’ll need to start in a desktop browser.

    First, go to your Two-Step Authentication settings page at WordPress.com.

    Or, you can reach Settings by clicking on your Gravatar image from the WordPress.com home page:
    Next, click the “Security” link in the navigation on the left-hand side of the screen:
    Then, click on Two-Step Authentication and then Get Started.

    Here you’ll be prompted to select your country and to provide your mobile phone number (without country code and spaces or dashes). After doing so, click Verify Via App.

    enter-phone-number

    Next, scan the QR code presented with your authenticator app. A six-digit number will appear in the authenticator app. Enter it in the blank provided and click Enable.

    verify-code-app

    Lastly, you’ll be prompted to print backup codes. Don’t skip this step, as it’ll be your only way to log back into your account without staff assistance should your device go missing!

    Please Note: If your web browser is set to block pop-up windows, you may need to temporarily disable this feature as it will prevent the window with your backup codes from opening.

    Click All Finished.

    At this point, your site is enabled for two-step authentication. A follow-up step allows you to confirm that your backup codes work by entering one of the printed codes.

    If you’re unable to set up two step authentication using an authenticator app, you can also set it up to work via SMS messages. To do so, set up your phone number as described above, but then click Verify via SMS.

    Within a few moments, you should receive a text message that includes a 7-digit number. Enter this number in the blank provided and click Enable.

    From this point forward, you can print and verify backup codes as documented above. Your account is now protected by two step authentication.

    The login process varies slightly from the usual process once you have two step authentication enabled. Regardless of whether you used the Google Authenticator method or the SMS method to enable two step authentication, you’ll start by logging in as usual with your username and password.

    Next, you’ll be prompted to enter the verification code that was sent to your device.

    If you’re using SMS for two step authentication, we’ll send you a text message with a six-digit number. If you set up two step authentication with the Google Authenticator app, open the Google Authenticator app on your device and provide the six-digit number listed for the account. Once you’ve entered the code, you’ll be logged in and ready to blog.

    We don’t want you to lose access to your WordPress.com account—you’ll still need to be able to log in if it’s is lost, stolen, you’re locked out for any reason, or your device needs to be wiped clean (which will delete Google Authenticator). To make sure you’re never locked out of your blog, you can generate a set of ten, one-time-use backup codes. We recommend that you print the backup codes out and keep them in a secure place like a wallet or document safe. (Don’t save them on your computer. They’d be accessible to anyone using your machine.) Generating backup codes is essential and must be done. If you ever need to use a backup code, just log in like you normally would, and when asked about the login code enter the backup code instead.

    At the end of the setup process for Two Step Authorization, you’ll be given the option to generate backup codes:

    Just click “Generate Backup Codes,” print the screen containing the codes—don’t save it—and then close the screen.

    If you lose your list of backups or it’s compromised, you can generate a new set of codes. For added security, this will disable any previously-generated codes.

    Important Note: You can only generate the backup codes from a desktop browser. For example, Safari on iOS will not display the backup codes. Additionally, if your web browser is set to block pop-up windows, you will need to temporarily disable this feature as it will prevent the window with your backup codes from opening.

  • galois · Member ·

    There are more:

    If You Lose Your Device

    If you lose your device, accidentally remove the authenticator app, or are otherwise locked out of your account, the only way to get back in to your account is by using a Backup Code.

    To use a backup code, fill in your login details like you normally would. When asked about the login code enter the backup code instead. Remember: backup codes are only valid for one time each so be careful when using them.

    Enable Two-Step Authentication

    It’s a true nightmare.

  • ehtis · Staff ·

    Hi everyone,

    This was a temporary glitch which should’ve been fixed now. You don’t really have to enable 2FA for this.

    If you’re still seeing the message, please clear your browser’s cache using the steps here: https://en.support.wordpress.com/browser-issues/#clearing-your-browser-cache

  • churchmouse · Member ·

    Thank you, ehtis!

    Glad to know this was a glitch. What a relief.

  • galois · Member ·

    @ehtis: thank you & best regards. 👍

  • michaeldavis49008 · Member ·

    Ehtis, thanks for the info. That’s reassuring.

    Appreciated.

  • wcieniu · Member ·

    @ehtis
    Thank you for your clarification. Kind regards.

  • themagicrobot · Member ·

    Whew. That’s a relief. I’ve been in panic mode this morning thinking I was going to be forced into a C21st lifestyle of fiddling with a smartphone all day long like the teenagers.

  • juliette2410 · Member ·

    ouf !!! thanks a lot Ehtis :smile:

1 2
  • The topic ‘Forced Two Step Authentication’ is closed to new replies.