Email from WordPress saying "Two Step Authentication Disabled"

  • Unknown's avatar

    I got a rather worrying looking email from WordPress saying:

    “Two Step Authentication has been disabled for [my account name was here].
    If you did not request this change please contact WordPress.com support, or access your profile page and reset your password by clicking the button below:”

    When I tried to log in via my Authy-generated code, it failed. I used a backup code, which worked; I then de-linked and re-linked Authy and can now get in via Authy codes again. Nothing on my account had been tampered with, phone number was the same, etc.

    I set up 2-factor auth a couple of days before, at the same time as changing my password, which is a 32 random character unique password which rates as 100%, very strong, so I’m fairly sure it hadn’t been hacked.

    So, my question is:
    Any idea what happened here? The email IS from WordPress, the headers are genuine and the links not suspicious. My Authy and email account are secure, so I’m not sure what’s going on here? Could it have just been

    The blog I need help with is: (visible only to logged in users)

  • Unknown's avatar

    BTW, it appears to be forcing me to say:
    “The blog I need help with is digitaltoast.wordpress.com.”

    It’s not; for security, it’s a different blog, but this was the only way it would let me post the question :)

  • Unknown's avatar

    Nothing? Should I file a bug report or ticket or something?

  • Unknown's avatar

    It looks like you have Two-Step Authentication enabled for your digitaltoast account.

    From what I can see, someone from the same location generated some backup codes, disabled two-step, then two minutes later re-enabled it, and generated more codes. This was all done from the same location that the initial enabling of two-step was done, so it looks okay to me.

    If you share your computer with someone else, it’s possible that they logged into your account, but that’s outside of our control. :)
