Sign up to our newsletter
The latest security news direct to your inbox
Popular blogging service Tumblr has become the latest web giant to add two-factor authentication as an “extra layer” of security for users – describing its new measure as a “nuclear defense system” armed with twin keys.
It’s an option accessible via the site’s settings menu, and which means Tumblr joins the ranks of other social sites such as Facebook, Twitter and Evernote in offering the feature to users who fear they might be a target for hackers.
IT Pro Portal reports that the new measure was introduced after a mysterious “breach” eight months previously.
The new option is available to all users via the Settings page – users toggle the “two-factor authentication” button, then verify their phone number. The site texts users a six-digit confirmation code, which expires within two minutes.
TechRadar comments, “Whether the new measures will be welcome by the community on Tumblr is yet to be seen. Traditionally extra steps on sign-in screens have been cited as tiresome and repetitive to websites using them.”
TechCrunch points out that while the new security measure remains optional, it brings Tumblr on par with other tech giants such as Facebook and Google. Users can opt to verify their phone using either a code delivered by SMS or via an app.
Tumblr said in a blog post, “The smile of a loved one. Your childhood blanket. A handsome bodyguard to take you in his arms. “Security” can mean a lot of things in this crazy life, but nothing says “security” like Tumblr’s two-factor authentication. It’s available as an option in your Settings page as of right now.”
“You know how you need two keys to launch a nuclear missile? Two-factor authentication works like that. One key is your password, the other key is your cellular phone, and you need both to access your Tumblr Dashboard.”
Banks and online gaming services already use “authenticators” extensively – but online services such as Twitter, Evernote and Dropbox have added two-factor systems to boost security. The mass adoption of smartphones has meant that 2FA apps have become a cheaper security measure for business. Software such as ESET Secure Authentication can be deployed cheaply across a mobile workforce and increase security significantly.
Two-factor systems are far more secure than passwords – many high-profile hacks, such as those against the Twitter accounts of media organizations last year, could not have happpened if a 2FA system had been in place.
ESET’s experts offer an in-depth guide to the advantages of two-factor authentication – and when it’s not necesssary – in this how-to guide.
Author Rob Waugh, We Live Security