2-STEP VERIFICATION: New mobile phone number
-
Firstly, as background, tonight I changed my WP-system generated Strong Password as I have decided to change my login password on a monthly basis. As I had to log in again after doing this, I checked the box asking the WP system to remember my SMS verification code for 30 days (as I only log in using my laptop, which no one else uses). I have kept that SMS verification code in a safe place, along with my new strong password, as well as the backup codes.
Question 1: Do I really need to use the 2-step verification code if I change my Strong password every month?
Secondly, I am thinking about changing my mobile phone service provider and probably getting a new mobile telephone number as a result.
In my Account Settings > Security, there is no simple way of changing the mobile phone number listed there.
Question 2: Is it correct to think that I need to Disable the 2-step verification status, so that one can start the process again to replace the current phone number shown there?
Question 3: If your answer to Question 1 is NO, I presume I can disable the 2-step verification and still feel reasonably secure?
I have no other applications connected to my account other than Gravatar.
-
Reference link: http://en.support.wordpress.com/security/two-step-authentication/
I’ll tag this thread for Staff assistance because I do not know how to help you. Another Volunteer may answer prior to Staff but I tagged the thread so it will not fall through the cracks and escape attention. Please subscribe to the thread so you are notified when they respond and please be patient while waiting.
-
Question 1: Do I really need to use the 2-step verification code if I change my Strong password every month?
I’d advise keeping two-step verification in place personally, as it’s an extra step for any malicious party to surmount. Also, if someone does find your password through whatever means, they’re not going to wait 30 days before attempting to use it!
That being said, I personally like Authy to generate authentication codes, rather than having them texted to me, as there’s less delay for the text, and it’s device-agnostic (your secret key is backed up in an encrypted format, so you can switch it easily from one device to another, even if your last device was sent through the washing machine! [yes, this has happened to me]). You can use Authy just as you could use the Google Authenticator app — they both implement the same open standard.
Question 2: Is it correct to think that I need to Disable the 2-step verification status, so that one can start the process again to replace the current phone number shown there?
At the moment, I believe so. However, we’re currently looking at iterating on how we’re managing phone numbers, and this is a great concern and user experience issue that I’ll be bringing up to make sure that we can simplify it for the next version.
I have kept that SMS verification code in a safe place, along with my new strong password, as well as the backup codes.
While it’s important to store your backup codes, the SMS verification code that you receive — once input to log in — can be safely discarded. It’s only good for that specific login. Also, you may want to consider whether you’d like to store your password and backup codes in the same place — as if one is found, the other then is as well, and the game is up!
Please let me know if there’s anything else that I can answer for you. :)
-
@timethief and @georgestephanis: Thank you both for your helpful advice. Investigation is pending! <3