I Disabled 2-factor Authenticator. When I Enable It Again Will It Generate a New Key?
Your WordPress.com site is your home on the internet, and you want to keep that home safe. Hopefully, yous've already chosen a unique and hard-to-scissure password for your account. To add together another layer of abode security, y'all can enable 2-pace authentication.
Table of Contents
What is Two-Step Authentication?
Ii-step authentication is a method of securing accounts requiring that you lot not simplyknow something (a password) to log in just besides that youpossess something (your mobile device or a concrete key). The do good of this approach to security is that even if someone guesses your countersign, they need to have too stolen your possession in gild to break into your account.
At WordPress.com, we offer ii-step authentication via mobile device and physical security primal. We commencement verify your mobile device by sending a lawmaking via i of a couple of methods. Once you've verified your mobile device, you tin as well add authentication that uses a concrete key instead.
One time yous've ready upwardly 2-footstep authentication, whatever time you lot log in with your countersign, nosotros send a new code to your device which yous must input, or yous have to plug in your physical key earlier logging in. It adds a pocket-size extra step to the login process merely makes your business relationship much more secure.
↑ Table of Contents ↑
Setup with an Authenticator App
To set up two-step hallmark via an authenticator awarding like Google Authenticator, Authy, or Duo on your device, you'll demand to starting time in a desktop browser.
First, go to your 2-Footstep Authentication settings page at WordPress.com.
Or, you can reach Settings past clicking on your profile paradigm from the WordPress.com dwelling page:
Adjacent, click the "Security" link in the navigation on the left-hand side of the screen:
Then, click on Two-Step Hallmark and so Get Started.
Here you'll exist prompted to select your country and to provide your mobile telephone number (without land code and spaces or dashes). After doing and then, clickVerify Via App.
Next, scan the QR code presented with your authenticator app. A six-digit number will announced in the authenticator app. Enter it in the field provided and click Enable.
Lastly, you'll be prompted to print backup codes. Don't skip this step, every bit it'll be your simply way to log back into your account without staff help should your device go missing!
Please Notation: If your web browser is ready to block pop-up windows, you may need to temporarily disable this feature as it will preclude the window with your backup codes from opening.
Click All Finished.
At this point, your site is enabled for two-step hallmark. A follow-up pace allows you to ostend that your backup codes work past entering one of the printed codes.
↑ Table of Contents ↑
Setup with SMS Codes
If you lot're unable to fix two-footstep authentication using an authenticator app, yous can also set it up to work via SMS letters. To practice so, ready upwardly your phone number every bit described above, simply then clickVerify via SMS.
Within a few moments, you should receive a text message that includes a 7-digit number. Enter this number in the blank provided and click Enable.
From this point forward, you can print and verify backup codes as documented to a higher place. Your business relationship is at present protected by two-step authentication.
Smartphone apps that block automated calls might as well block our letters.
↑ Table of Contents ↑
Security Fundamental Authentication
WordPress.com supports login verification with physical security keys using the WebAuthn standard.
Instead of typing in a lawmaking you get via SMS or an app like Google Authenticator later entering your password, you plug in a physical key. Yous so printing a button on that key to complete verification and log in. Without that physical key information technology is incommunicable for anyone to log into your account, fifty-fifty if they know the password.
Requirements
- Have a figurer with a USB port and the latest version of a compatible browser like Chrome, Firefox, Opera, or Edge.
(Annotation: Currently Chrome and Firefox accept the best overall back up for this, so we recommend using these browsers for the well-nigh consistent experience.) - Have a key that plugs into a USB port and works with FIDO2, like Yubico's YubiKey or Google'due south Titan Key (devices using the older FIDO U2F standard should also still piece of work). Please check your specific key'due south support documentation for more than information on the types of devices and browsers your key supports.
Add a Key
Note: y'all need to follow the steps in a higher place to enable two-stride authentication via SMS or an authenticator app before you can add a security key.
Afterwards setting upward two-step hallmark with an app or SMS, you'll see the choice to add a security key. Click on Register fundamental.
We allow you lot to annals multiple keys and so you can name your primal to distinguish it from others y'all might add together in the future. Type in a unique name and click Register key.
At this point, plug your key into a USB port on your computer and, depending on the type of key, either press the push button or tap the gold disc on the key.
If you're successful, you lot volition see a bulletin on the screen and the key will now be listed in the Security Key section.
Once this is fix, you won't be able to access your business relationship without your key, and so treat it the same way as you would the keys to your home or your car – go on it rubber!
Besides consider calculation a second key as a backup option and keep it somewhere that yous will be able to find it should something happen to your primary key. To add additional keys, just click Register Primal again.
Remove a Key
Should you want to remove a security key yous added earlier (for example if a fundamental was lost or no longer works), you can disconnect that key from your account.
Get to the 2-Step Authentication folio in your profile settings, click the Trash icon side by side to the key, and click Remove Key in the confirmation message that will appear.
↑ Table of Contents ↑
Logging In
The login process varies slightly from the usual procedure once you lot have two-step hallmark enabled. Regardless of whether you used the Google Authenticator method or the SMS method to enable two-pace hallmark, you lot'll showtime past logging in as usual with your username and password.
Next, you'll be prompted to enter the verification code that was sent to your device.
If yous set up two-pace authentication with an authenticator app, open up the app on your device and provide the six-digit number listed for the account. If you're using SMS for ii-step authentication, we'll ship you lot a text message with a 6-digit number. In one case y'all've entered the code, you'll be logged in and ready to blog.
If you accept a security primal configured, you'll come across a prompt asking whether you want to verify using your cardinal, or your authenticator app/SMS. To verify using your key, click Continue with security key.
Adjacent you'll see a prompt to connect your fundamental. Plug the central into a USB port on your computer and, depending on the type of key, either press the push or tap the golden disc on the fundamental to finish logging in.
Notation: If yous take also long to verify, the verification request will exist cancelled and an error message volition appear. Just click Continue with security key once more to restart the verification.
↑ Tabular array of Contents ↑
Backup Codes
We don't want you lot to lose admission to your WordPress.com account—yous'll still need to be able to log in if it'due south is lost, stolen, you're locked out for whatsoever reason, or your device needs to be wiped clean (which will delete Google Authenticator).
To make sure you're never locked out of your account, you tin generate a set of x former-apply backup codes. We recommend that y'all print out the backup codes and keep them in a secure place similar a wallet or document safe. (Don't save them on your computer. They'd exist accessible to anyone using your machine.)
Generating backup codes is essential and must be done. If you lot e'er need to apply a backup code, only log in like you usually would, and when asked nigh the login code enter the backup code instead.
At the cease of the setup process for 2-Step Authorization, you'll be given the option to generate backup codes:
Print out the codes—don't just save it—and confirm that y'all've done that. So click All Finished! to close that screen.
If yous lose your list of backups or it'southward compromised, you tin generate a new set of codes. For added security, this will disable whatsoever previously-generated codes.
You can only generate the backup codes from a desktop browser. For example, Safari on iOS will non brandish the fill-in codes. Additionally, if your web browser is prepare to block pop-up windows, yous will need to temporarily disable this feature as information technology will prevent the window with your backup codes from opening.
↑ Table of Contents ↑
Application-Specific Passwords
In that location may be some apps that connect to your WordPress.com account that don't yet fully support ii-step authentication. The most common are Jabber apps used to subscribe to WordPress.com blogs. For these apps, y'all tin can generate unique passwords for each application (e.k., y'all tin can have a dissimilar password on your phone and your tablet). You lot can so disable individual passwords and lock applications out of your account to prevent others from accessing your sites.
To generate application-specific passwords, caput back to 2-Step Hallmark and so down to "Application Passwords":
Give the application a proper name—yous're the simply one who will see this proper name, so call information technology whatsoever you'd similar—and click "Generate Countersign." WordPress.com volition create a unique 16-character password that you can copy and paste the adjacent time you lot log in to your account on that device. The application will remember this password and then you don't need to.
Your Security page will maintain a list of all the applications for which you've generated passwords. If any of your devices are lost or stolen, or yous simply wish to revoke access for a item awarding, you tin can visit this page at whatever time and click "X" to disable the password and prevent the app from accessing your account:
↑ Tabular array of Contents ↑
Disable 2-Step Hallmark
We don't recommend disabling 2-stride hallmark, every bit it's much less secure, even if you believe your password is very strong. But if you insist, you can disable the feature past going to your Two-Step Authentication folio.
The page volition prove that the feature is enabled, and yous tin click theDisable Two-Step Hallmark button. This volition prompt you to enter a code to ostend that you lot yet accept access to the device you originally used to set up two-step authentication. If you're using an authenticator app, open it and provide the code it lists. If you lot're using SMS, you'll be sent a code to use. (This lawmaking is different from the lawmaking you used to log in to your account. You lot tin can likewise use i of your backup codes for this step.)
ClickDisable after entering the lawmaking and your business relationship will no longer exist protected by two-step hallmark.
Note: A security key cannot exist used to disable two-step authentication – this can merely be done using a code received via SMS, your authenticator app, or a fill-in code.
↑ Table of Contents ↑
Moving to a New Device
If y'all are planning on switching to a new device, and you lot accept enabled 2-step authentication, you lot will want to take the following steps to avoid being accidentally locked out of your user account.
If you are using an authenticator app to generate verification codes:
- Print a set of backup codes for your user account past following the steps here. DO NOT SKIP THIS Footstep.
- On your new device, install the authenticator app.
- Disable the ii-step hallmark link with your old device past following the steps here.
- Set up your user account to link to your new device by following the steps here.
- If you are prompted to enter your verification code, employ a code from your listing of backup codes. Backup codes are i-time use only.
- You can at present uninstall the authenticator app from your one-time device.
If you are using the WordPress.com mobile app to manage and publish to your site:
- Create a new application-specific password by following the steps here.
- Enter your new awarding password when using this app on your new device.
If you are using SMS to receive authentication codes, y'all will not need to update your settings unless you are likewise changing to a new phone number. In that case, you will desire to gear up a new recovery number prior to disconnecting your quondam SMS number by post-obit the steps hither.
↑ Table of Contents ↑
If You Lose Your Device
If yous lose your device or security key, accidentally remove the authenticator app, or are otherwise locked out of your account, the simply fashion to get back in to your account is by using a Backup Code.
To apply a backup code, fill in your login details like you normally would. When asked virtually the login code enter the fill-in code instead. Retrieve: fill-in codes are only valid for i time each so be careful when using them.
Source: https://wordpress.com/support/security/two-step-authentication/
0 Response to "I Disabled 2-factor Authenticator. When I Enable It Again Will It Generate a New Key?"
Post a Comment