Your "two-step" authentication system… sucks. Sorry.

  • Why on Earth do you have such a complicated “security” system for your bloggers?

    I clicked on the notice that keeps popping up to get “two-step authentication” for security purposes for my blog. Sure. I’m on my lunch break, I’ve got some time.

    So I go to the page. I punch in my phone number.

    Little did I know it would include:
    – Downloading, installing, and setting up two new programs onto my Smartphone (Google Authenticator and the QR Reader app)
    – Printing a sheet of TEN 8-9 digit BACKUP codes… just in case all of the apps I just downloaded were totally useless. Which I guess they are, for REAL security.
    – Looking around in confusion as to what to do next, since the “practice” code I typed in at the end… didn’t even work! So please tell me why security needs to be this frustrating?

  • Hi,

    Thanks for your feedback. Please note, too, that two-step is optional for using WordPress.com.

    You’re right—it isn’t the simplest process. The Google Authenticator app can be used for a number of different websites (Google/Gmail, WordPress.com, Facebook, etc.), so while a bit painful, it is a one-time event that can be used elsewhere.

    The backup codes are just that, backup. If your phone is lost or stolen, the codes would be needed to access your accounts.

    With the verification, did none of the codes work? If you don’t mind, how many digits was the code that failed? That could help us improve for the next person.

    With two-step authentication, the idea is that no one could access your account with two pieces of information—your password and a code provided by your phone (or a backup code). Virtually all, if not all, instances of hacking of accounts have been the results of passwords guessed, so, while frustrating at times, the additional means adds an extra layer of security that is extremely difficult to “game”.

    If you have any questions or need anything else, please let me know. Thanks!
