To set it up, users must access the Security tab in their WordPress.com account settings, where they will be offered a setup wizard:
The secret code that will function as the second authentication factor can be picked up via the Google Authenticator app that the users can download and run on their iPhone, BlackBerry, or any Android-powered device or can be delivered via SMS within a minute or two of submitting the login username and password.
Ten backup codes are given to the users opting for 2-step authentication so that they aren't locked out of their accounts if their devices are lost or stolen.
And while the feature will not currently work for all the apps used to access WordPress.com accounts, users can generate unique passwords for each of them via the "Application Passwords" option in the Security tab.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.