If you have a WordPress.com blog, now is the perfect time to make your account more secure with our new two step authentication! Two step authentication (also referred to as two-factor authentication) requires you to enter a one-time secret code from your mobile device whenever you log in, after entering your password of course, which is hopefully a strong password (and you should consider changing that if it isn’t). This means that, with two step authentication enabled, an attacker would need to both know your password and have physical possession of your mobile device to gain access to your account.
All you need to use two step authentication at WordPress.com is an iOS, Android, or Blackberry mobile device (it doesn’t have to be a cellphone, but you do need to connect to the internet once to set it up). If you don’t have either, you can also use a cellphone capable of receiving text messages.
We’re looking into ways to bring our two step authentication system to self-hosted WordPress.org blogs soon, and you’ll see an announcement on the Jetpack blog when we’re ready. Until then, try the Google Authenticator plugin with your self-hosted blog.