How to use Tumblr's new two-factor authentication

Another major online service is making your login more secure. Yahoo-owned Tumblr announced on Monday that two-factor authentication is finally available for the microblogging site.

Two-factor authentication is an important security measure that can protect your online accounts. Instead of relying on just a username and password combination, two-factor authentication requires a one-time passcode every time you login. These codes are typically generated by a smartphone or special key fob.

Without access to the one-time password generator, hackers will have a much harder time breaking into your account.

The new feature is available now in the Settings section of the Tumblr website.

How to enable Tumblr's two-factor authentication

Navigate to your Tumblr settings page from a PC and login. Under the security section, click the slider button next to "Two-factor authentication."

You'll now be asked to re-enter your password as well as supply your mobile phone number so Tumblr can send you an SMS with your initial login code. Once you've entered all the pertinent information click Send.

A new entry box will appear on your settings page asking for a six-digit login code. In a few seconds you should receive the login code sent to the phone number you supplied in the previous step. Enter that code into the entry box and click Enable.

That's it! You're secured with two-factor authentication. Now every time you login to Tumblr you will have to enter your username, password, and a six-digit one-time passcode supplied by your phone.

Authentication apps

By default, Tumblr will send these codes to you via SMS, but it's much handier to have a dedicated authentication app installed on your phone, such as Google's Authenticator app for Android, iOS, and Blackberry OS 4.5 to 7.0.

To set-up an authenticator app, just click the slider that says "Generate code via authenticator app." You'll then have to scan a QR code using your authenticator app and then enter a practice code to make sure everything is working properly.

For more information on how to use an authenticator app check out PCWorld's Online security: your two-factor authorization checklist.

With two-factor authentication enabled, you'll need to generate and enter special one-time passwords to login to Tumblr's mobile apps for Android and iOS. If you're already logged in on your phone or tablet you won't need to worry about this step for now.

But the next time you log out of the app or set-up a new device you will--unless Tumblr adds two-factor support to its mobile apps by then.

Generating a one-time password is simple.

Just tap the Generate mobile password button on your Tumblr account settings page on your PC, then enter the generated password in place of your usual password into your mobile app.

Tumblr joins a long list of online services that are making it harder for hackers to break into your accounts thanks to two-factor authentication. Other services that also use the feature include Dropbox, Evernote, Facebook, Google, Lastpass, Microsoft, and Twitter.

Two-factor authentication isn't bullet proof, but you are far better off to have it activated than not.