Two-factor authentication

Two-factor authentication (TFA) makes it especially difficult for anyone other than you (e.g., hackers, exes, et al) to access your Tumblr account. Aside from your regular login info, you'll need a couple of extra things to log into your account:

• Your phone (which you've hopefully password-protected).
• A unique, single-use code (sent via text or generated by an authenticator app).

Setting up two-factor authentication

1. Click "Settings" under the account menu at the top of the dashboard (the person silhouette). Or head directly to https://www.tumblr.com/settings/account.
2. In the Security section, enable “Two-factor authentication.”
3. Now decide whether you'd like to receive the code via text or through an authenticator app (scroll down to see some recommended third-party apps).
4. Follow the steps laid out in the Settings page.

Logging in on the web with two-factor authentication

If you've enabled TFA, it should work like this:

• Log into your Tumblr account.
• Once you've received the unique code (either via SMS or through an authenticator app), enter the code in the specified field.
• Voilà! You're in!

Logging in through the iOS or Android apps with two-factor authentication

When you have two-factor authentication turned on, you'll need to generate a special one-time-use password in order to log in through your mobile apps. Using either app, you should receive the code via text or through an authenticator app, depending on which method you chose during setup. Don't worry about memorizing that password, by the way. You'll only need it once, and it's really stupid-looking anyway.

Generating backup codes

You can generate backup codes to get back into your Tumblr account, in case you don’t have access to your phone for some reason. Here’s how to get them:

1. Head to your Account Settings on web.
2. In the Security section, click on the “Generate backup codes” button (note that you’ll need to have two-factor authentication enabled in order to see this option).
3. Enter your account password when prompted.
4. Blammo: you’ll see 10 backup codes.

These backup codes can be used whenever you’re prompted to enter a TFA code. Store them in the safest of places. They’re private, just like your password. Just keep in mind that each backup code can only be used once. If you use all 10, simply generate more the same way you generated this bunch.

Backup codes are extremely important, because they're the only way you'll be able to turn off TFA in the event that you lose access to your mobile device.

Troubleshooting two-factor authentication

If you haven’t received the code after a few minutes for SMS authentication, you can click on the refresh-arrow icon next to “Enter auth code” to send another one.

If you're not receiving a code for an authenticator app, check again in a minute or so. Or, try looking at their suggestions for troubleshooting (here are links for Google Authenticator, Duo Mobile, and Authy).

Still no code? Check that the time on your device is accurate for your current location and that it's set to automatically update. Also, make sure that your device is not in sleep, airplane or "do not disturb" mode.

Disabling two-factor authentication

We strongly advise against this. Your account is far less likely to get compromised if you've enabled two-factor authentication.

But if you must, go ahead and turn it off again in your account settings, and we'll ask you to enter your account password to make sure it's really you. You'll then be able to log in to your account without the extra verification step. If you would like to re-enable it at any point, you'll have to go through the setup process again.

Note that we cannot disable two-factor on your account for you.

Recommended third-party authentication apps

We recommend Google Authenticator (iOS and Android), Duo Mobile (iOS, Android), or Authy (iOS, Android).