Forced Two Step Authentication

edr401mvpa · Member · Mar 6, 2017 at 11:58 am
Copy link
How can this be a “glitch”? With a concrete date set and a message threatening to “force” users to 2FA?
unrealnature · Member · Mar 6, 2017 at 12:07 pm
Copy link
Thank you for not requiring this! — another use with no smart-phone and doesn’t want one
dandelionsalad · Member · Mar 6, 2017 at 6:57 pm
Copy link
I agree with edr401mvpa. How can this be a glitch? It was a “test” to see our reactions.

I refuse to purchase a “smart”phone.
themagicrobot · Member · Mar 6, 2017 at 7:13 pm
Copy link
At first I had to check the date to make sure it wasn’t April 1st but I’m now beginning to think that maybe it really is another planned upgrade/downgrade that’s on the WordPress.com “to do” list to be implemented at some point in the future.
timethief · Member · Mar 6, 2017 at 7:21 pm
Copy link
@galois
Hi there. And, now you know why I only use my desktop computer and no apps. :)
themagicrobot · Member · Mar 6, 2017 at 7:25 pm
Copy link
@timethief I wouldn’t know how to find/install an “app” if I tried. That message that 2FA was being forced on me in 30 days time was front and centre of my (desktop computer) dashboard this morning. It seemed genuine and serious.
timethief · Member · Mar 6, 2017 at 7:38 pm
Copy link
@themagicrobot
Oh really? What a shocker that must have been. I am off to check my only public site and if this !”/$%? happens to me I will either make the site private or delete it.
mistressneko · Member · Mar 6, 2017 at 8:34 pm
Copy link
Sooooo…. not that I’m still a little paranoid, but has ehtis actually promised us that there is no plan by staff to force this change on us?

Or did he just tell us that we shouldn’t have seen the notification? Yet?

I realize that security problems are whacking sites like WordPress right and left… but if this is some sort of tease to check our reaction to such a notion, just let me say that any change must… and I absolutely mean must… have some way to accomadate we users that refuse to join the “can’t live without a mobile device” crowd. I don’t own a smartphone and never, ever want to… Having a “free” WordPress account is kinda “not free” if you also need an expensive phone and a phone plan with messaging to actually use it. I blew all my extra cash on having Internet access… my 15 year old computer works just fine thank you.

If this is inevitable, then what about this? Perhaps that “authentication code” can be sent to the e-mail we have associated with our WordPress account for example instead of a device.

That would make logging in extra difficult, but at least possible.
timethief · Member · Mar 6, 2017 at 8:40 pm
Copy link
Apparently, it was just a glitch that has been fixed now. so we have been told to clear our browser caches.
dandelionsalad · Member · Mar 6, 2017 at 9:16 pm
Copy link
@ehtis, we want to know if indeed this will eventually be the case for logging into our WP blogs in the future? Will there be alternatives for us without “smart” phones?
edr401mvpa · Member · Mar 7, 2017 at 9:51 am
Copy link
Folks, you forget that 2FA in the way proposed, is a major blow to anybody who uses wordpress to blog sensitive subjects or from a totalitarian country. You can not be anonymous in most countries when using a mobile phone to have a code texted to your every time you want to blog something. See the implications! Don´t be so naive to believe this is some security feature. And to “force” this on to their users is a phrasing that shows the real attitude these young developers hold towards the core value of the entire wordpress.com community. If this was a glitch, somebody must have spent days to implement this message throughout the wordpress systems. This was not a glitch.
edr401mvpa · Member · Mar 7, 2017 at 9:57 am
Copy link
The proposed “glitch” is a nightmare for anybody who uses WordPress as one of the extremely very few means of anonymous blogging on the widely reachable internet! When you have to identify through a “personal beacon” like a cellphone, your anonymity is blown! This “glitch” (and its aggressive phrasing) is a disaster. I fear it just shows the uninformed attitude of young developers, who always put technical “security” before anything else. “Internet Defense League”? Good joke.
edr401mvpa · Member · Mar 7, 2017 at 9:58 am
Copy link
sorry for the doubling, my first text was not being displayed for minutes, so I thought it got lost – and wrote another one.
themagicrobot · Member · Mar 7, 2017 at 10:06 am
Copy link
WordPress have a history of rolling out unnecessary changes completely out of the blue. I wonder what was really going on behind the scenes yesterday? That sudden announcement that appeared on dashboards was far more than a “glitch”. It stated that changes were about to be forced on us and even gave a deadline date. And yet a few hours later the whole thing was just as suddenly retracted???
galois · Member · Mar 7, 2017 at 11:54 am
Copy link
Hi there. And, now you know why I only use my desktop computer and no apps. :)

Me too, @timethief :)
kokkieh · Staff · Mar 7, 2017 at 3:49 pm
Copy link
Hi folks,

As @ehtis said, this was a glitch. Code is written by humans, and humans make mistakes.

An update to a plugin for VIP-hosted sites was accidentally deployed to all WordPress.com sites, and was reverted within an hour when the mistake was discovered.

There are no plans to force 2FA on all sites on WordPress.com, though I’d still recommend it as you cannot have enough security online these days.

http://support.wordpress.com/security/two-step-authentication/

I’m closing this thread now, as this issue has been resolved.

No items found.