So, I sat down to write today’s blog entry when I noticed a message to me from WordPress informing me that, in order to make my blog more secure, I needed to subscribe to “two step authentication”.  It made sense.  If my password was ever compromised, I could retain control of my blog via the unique authentication code on my iPhone.

Yes, it made perfect sense BUT, in the back of my mind, I had a bad feeling about it.  Ultimately, however, I decided to go ahead because the process seemed easy enough.

1. I entered my country and cell phone number.

2. I downloaded the Google Authenticator app.

3. I used the Google Authenticator app to scan the special barcode wordpress provided.

4. WordPress prompted me for the authentication code that the app provided.  I entered it.  So far so good…

5. The app provided me with a list of ten unique back-up codes that I was instructed to print.

6. I hit print.

7. I went to the printer – and was horrified to discover that nothing had actually printed.

8. I rushed back to my account where I was presented with the following:

Screen Shot 2013-12-10 at 6.13.08 PM


9. I consulted the Google Authenticator app on my cell phone and input the code provided.  Wordpress informed me it was invalid.

10. I tried another one of the codes provided by the app.  Again, wordpress informed me it was invalid.

11. I hit the “Generate Back-up Codes” button to generate a new set of back-up codes.  Nothing.

12. Panicked, I tried to disable the two-step authentication and was prompted for a back-up code.  I didn’t have.

13. I’m screwed.

So, that’s that.  Apparently, the next time my computer resets, I will no longer be able to log in with my password alone.  An authentication code will be required.  An authentication code, I feel the need to point out, that I don’t have and I have no way of recovering.

All this to say that if I mysteriously stop blogging, don’t fear the worst.  It’s more than likely that wordpress’s new and improved security system has locked me out of my own account.

15 thoughts on “December 10. 2013: Oh, WordPress!

  1. This better not be the cause of you breaking your streak of consecutive days of blogging. Damn password crap…

  2. Noooooooooooooooooooooooooooooooooooooooooooooooooo!!!!!!!!!!!!!!!!

    Damn that Word Press. 🙁

  3. But you are here so that is a “phew” for today. But thanks for the warning because I won’t do that if I get that…when I get around to posting another blog. Might need to do a WordPress business blog though and introduce the world to my new dog.

  4. Hey, Joe

    I got the same email and, not having a blog, thought it was a fishing scam and ignored it. If real, it sounds nuts. Hope all goes well…


  5. I hate the way Apple requires us to choose a “secure” code…last time, in the passcode space, in frustration I wrote “Ihateyouyoupieceofcrap”,,,and the code generator said “password strength acceptable”…

  6. Hi again, Joe

    Just got a chance to catch up a bit with the blog, especially the recent round-up of stop-go opportunities on the various writing/pitching projects. A few questions, please…

    1 – With all that effort on various, beats, arcs, etc, but much in stasis or long grass or waiting on word…what IP is there at this stage, and who owns what?

    2 – How about fleshing some out further into ebook fiction novels/series? Alone (you+Paul; you+other partners) or with collaborative support with others (hand shoots up!)?

    best, PJR

  7. I’d say change your password in case it was phishing, but then I’d be too scared it was real and would ask for the back-up code! It would make one genius phishing scam.

  8. I have come to the conclusion that any time variations of the terms “user friendly” or more convenient” actual equal “huge pain in my ass”. It has been on rare occasions that these terms actually lend to something helpful.

  9. Eep! I have been hating on Google for a while now. Don’t get me started on the mess they’ve made of youtube and that awful Google doubleclick glitch that prevents you from using the back button to get off a page.

  10. Don’t panic! Close your browser. Reopen, and go back to your settings, and try generating new backup codes. Hopefully everything will behave, and you will see them pop up. Try “printing” to a PDF or XPS file. If you are using Google Chrome, you can “print” to Google Drive, which will automatically save them in a document online.

    The backup codes should only be needed IF you lose your phone. The next time you log in, it may prompt you to enter the code from Google Authenticator, but those codes are different than the backup codes. This may be why when you entered a code from the GA app, instead of a backup code, it said it was invalid. Since you didn’t get the list of backup codes, you couldn’t possibly enter a correct one.

    When I printed my backup codes, the prompt to enter a backup code and the word print went away, and I figured I’m done. You can always generate new codes, just remember to throw the old ones away.

    Hope this helps.

  11. Hi Joe! Long time no see:) you never never call…..LOL. Great to see you’re still here and apparently so is everyone else which is awesome. Its going to take a while but I’ve got a whole lot of catchup posts to read so I can join in and even heckle from time to time.
    I took one look at the old two-step authentication bit flashed forward to it going badly wrong and ending with me computer going out the window so…

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.