Skip to main content

Tumblr beefs up security after breach

Tumblr is boosting security with the addition of two-factor authentication, which requires users to input their account password as well as a unique code each time they log in.

The move comes eight months after Tumblr urged iOS users to change their passwords following a mysterious breach.

"The smile of a loved one. Your childhood blanket. A handsome bodyguard to take you in his arms. 'Security' can mean a lot of things in this crazy life," Tumblr wrote in a blog post. "But nothing says 'security' like Tumblr's two-factor authentication."

The new option is now available via your Settings page; just toggle the "two-factor authentication" button to the right, then verify your phone number to proceed. Tumblr will text you a six-digit code, but be quick about entering it—the code expires only two minutes from being sent.

After activating the feature, you will receive a unique, single-use code via SMS or authenticator app (or both) each time you log in to the blogging service.

On mobile (iOS and Android), navigate to your Account Settings page to generate a special, one-time-use password, which will allow you to log in through your mobile apps. "Don't worry about memorizing that password, by the way. You'll only need it once, and it's really stupid-looking anyway," Tumblr said.

Turn off the two-factor authentication feature at any time in your Settings, though Tumblr said "we strongly advise against this."

"Your account is far less likely to get compromised if you've enabled Two-Factor Authentication," the help page said. But if you must, just enter your account password and you can return to logging in without the extra verification step.