The company announced the move in a blog post, alerting users that it can be turned on from the settings page of their account. If turned on, users will need to authenticate their identity when logging in with a second set of credentials.
"You know how you need two keys to launch a nuclear missile? Two-factor authentication works like that. One key is your password, the other key is your cellular phone, and you need both to access your Tumblr Dashboard," explained the post.
The extra security feature is designed to stop hackers taking control of users' Tumblr accounts with a brute-force cyber attack, or stolen password. The feature can be disabled in the Settings menu of the Dashboard, but Tumblr urged its customers to leave the two-factor authentication service on.
"Your account is far less likely to get compromised if you've enabled two-factor authentication. But if you must, we'll ask you to enter your account password to make sure it's really you. You'll then be able to log in to your account without the extra verification step. If you would like to re-enable it at any point, you'll have to go through the aforementioned setup process again."
Tumblr is one of many companies to roll out the service. Twitter added the feature in May 2013 after suffering a number of data breaches. Dropbox rolled out the service in August 2012 following a massive data breach that saw criminals break into a number of its customers' accounts using passwords stolen in a separate phishing attack.
Account-hijacking cyber attacks targeting websites and services such as Tumblr have been a growing problem facing the security community. Security firm Sucuri detected a cyber attack that had hijacked more than 162,000 legitimate WordPress sites earlier in March.
No comments:
Post a Comment