Two factor identification

  • Unknown's avatar
    ejstoo · Member ·

    Is there a WordPress ability to ask for an email address for a code. Long story, but had two factor identification go very very wrong. Cell went down for a time…had to get a new one. Kept number, but codes didn’t come any more. I lost my Facebook account over it and I’ve removed all cell phone identifications from my accounts. It caused me nothing but grief…so unless I can use an email address to get my account back, which would also let me know if I had a hack, I refuse to use two factor with cell #. It just went very wrong. I won’t give a passport or driver’s license or anything like that online to get an account back. Thanks for any help you can give me with this. Thanks,

    The site I need help with is [visible only to staff] (email visible only to moderators and staff).

  • kokkieh · Staff ·

    Hi there,

    We don’t send two-factor codes via email, no. The whole point of having 2FA is to have a form of verification in addition to your email. For example, if someone hacked your email and used it to request a password reset for your WordPress.com account, and then the code also went to the same email the hacker already has access to, 2FA will serve no purpose. That’s why proper 2FA always requires the use of a completely separate device, like a phone or a physical key.

    We support 2FA via authenticator apps like Google Authenticator, Authy and Duo, via the WordPress.com mobile app, and using physical keys like the Google Titan key or the Yubikey, so you don’t need to use your mobile number. You can see all the options we have here:

    https://wordpress.com/support/security/two-step-authentication/

    We don’t accept photo ID for ownership verification – we don’t request that when you create an account with us, so there’s nothing we could verify it against if one later used that to try and claim ownership of an account.

  • Unknown's avatar
    ejstoo · Member ·

    Thanks. You see I had a hugely bad experience with cell phone two factor. I ended up losing a whole social media account. It was the main one and had to scramble to replace with another forum. My cell broke and I got locked out at same time. I didn’t get the codes and now it won’t send me the code….and I’m not entirely convinced that my account was not hacked. Since code stopped sending to me, it is possible someone changed the phone number for the account. I don’t know for sure. So, I’m left incredibly distrustful of a potential source that will not work if disabled. I have more than one email…therefore I could use a different email for two factor. I’m not familiar with a lot of what you suggest because I’m over 55 and doing blogging, pod casting and a lot of stuff for the first time. Thanks though.

  • The topic ‘Two factor identification’ is closed to new replies.