How to better protect your Tumblr account from hackers with two-step verification (2SV)

Enable two-step verification to make it harder for hackers to hijack your online accounts.

David Bisson
@DMBisson

Two-step verification (2SV) is an additional layer of security that we can use to better protect our web accounts.

Many online services, from email providers to payment processors, provide users with the option of enabling 2SV. Fortunately, so do many social media platforms.

As part of our ongoing article series on 2SV, we’ve covered how to enable 2SV on a number of sites – including Facebook, Twitter, and LinkedIn.

Sign up to our newsletter
Security news, advice, and tips.

But that in no way covers all the social networking sites out there that come with this optional security feature.

Some of them, such as Tumblr, call their implementation “two-factor authentication (2FA),” a term which is fundamentally different from 2SV. In actuality, Tumblr’s version of 2FA functions exactly the same as 2SV. Let me show you.

In this guide, I will walk through the steps on how to enable 2SV on your Tumblr account.

1. Sign into your Tumblr account using a web browser.

2. At the top-right corner of the page, you’ll see either a thumbnail of your profile picture (if you uploaded one) or an icon shaped like a human bust.

Click on that icon/thumbnail and select the “Account” option that appears in the drop-down menu.

3. On your “Account” page, you’ll see some basic information about your profile, including your verified email address and preferred language. You’ll also see you have the ability to enable some security features. One of them is “Two-factor authentication,” which is in reality 2SV. Click on the switch next to “Two-factor authentication.”

4. In order to activate 2SV, you will need to verify your mobile phone number with Tumblr. Enter your number in to the provided text field that appears below “Two-factor authentication” so that Tumblr can send you a verification code. Then enter in your password and click on the blue “Send” button.

5. Tumblr will send a 6-digit verification code to your phone. Enter that code into the provided text field in your web browser and click on the “Enable” button.

6. And you’re done! On your “Account” page, you’ll now see that 2SV is enabled. By default, Tumblr will send verification codes to your phone via SMS. But you do have the option to generate codes using an authentication app such as Google Authenticator:

Now every time you log into your account, you’ll see this page after you’ve entered in your username and password:

Simply enter the code sent to your mobile phone and click on the “Log In” button. You’ll automatically be redirected to your home page.

Read more:

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.