Almost a year ago, I lost access to this blog and I wasn’t able to post articles for a couple of weeks. In that time, I had to use the WordPress app for Android phones which luckily, I could still access. Thank God for the Android app though, but do you have any idea how cumbersome it is to type a 600-word article with the touch screen of a mobile phone… It is frustrating!! I admit though that I have kind of gotten over my fear (or distaste) of touch screens as the primary input for mobile phones. It took me a long time to transition from regular keypads, to touchscreen/keypad hybrid phones to full touchscreen, but it was on days when I had to type long articles via a mobile phone that I wished I had a phone with a full keyboard.
So back to my predicament with WordPress… the reason I lost access to my blog was due to a problem that WordPress was having with their then two-step authentication process. The way it worked back then was through SMS. After setting up the two-step authentication on your blog, WordPress will send you a one-time access code via SMS to your mobile phone each time you try to access your WordPress admin panel. This was “okay” for a while, until they encountered a problem.
But let’s face it, this method of two-step authentication was so 2005! This was how my bank used to do two-step authentication until around 2009/2010 or so when they switched to doing so via their mobile app. At first I was skeptical about that, but I have been using it for God knows how many years and I only had a problem just one time when my bank account was “out of sync” with the app on my phone. So the two-step authentication via SMS was going to be outdated, obviously. Although it is still useful especially in cases of emergency. There are websites and SMS gateways that are not able to text my number, and I still don’t know why. And I bet that there are so many others who have the same problem as well, one of whom I have met personally. So clearly, SMS is not the best solution to two-step authentication, and WordPress eventually learned this later.
Fast forward until a couple of weeks ago when I was setting up my new blog at www.kheme.tk through my web hosting company, and they suggested that I enable two-step authentication for added security. I thought to myself that I would be stupid not to give it a try just because WordPress encountered a problem once. So I took a look and discovered that the two-step authentication was done using a 3rd party mobile app called Clef. It was a relief to see that it was a different method and I quickly installed the app to give it a try. Just so you know, I have been using Clef on my new blog and it has been fine so far; I would recommend you try it out.
This article is not about the Clef app however; it is about something else. If you have been following my posts on this blog, you should have noticed that I have not posted much in the last few weeks. If you were wondering why, it has been due to mental fatigue, and some laziness plus the overwhelming feeling of trying to get my life together before I depart from this country I have known as (and called) home for the past 9 years. Nevertheless as I was compiling the list of my most popular articles for March 2015, WordPress suggested that I enabled two-step authentication for added security. I clicked to take a look, and guess what it was? WordPress now uses Google Authenticator for its two-step authentication!
You should have seen me screaming “That’s how it’s done, WordPress! Not SMS!!” in my office that morning lol. I have been so buried in work and with overwhelming tasks that I am not up to date with the trends these days. It seems like the Google Authenticator has been around since December 2013 (according to the Google Authenticator Google Play page) and I had this problem in 2014 so I wonder why WordPress too so long to decide to switch. Nonetheless, this was a breath of relief for me as I quickly downloaded the app and activated two-step authentication for my blog.
My blog has never really been at any security risk, but that is probably because it isn’t popular. But after reading my story, would you enable two-step authentication for your blog or website? Or do you already use some form of two-step authentication? Join the conversation by commenting below.