Two step authentication for, Jetpack, and WordPress mobile apps

jetpack-two-stepA few months ago, I enabled two-factor authentication for There are a number of reasons I did so. For one, at Range, we sometimes work on WordPress VIP projects, where two step authentication is recommended for about anything that could interact with those projects (.com, email, etc). Second, it was required for me to participate in a Jetpack Beta Group Blog I was asked to join.

For those unaware, two step authentication basically requires you to utilize both a password and a method for assuring that it was really you who used that password. Most of the time, this is handled through a phone or other device that only you would have on you. So if your password is hacked, the hackers doesn’t have the periodically regenerated key from your phone’s two step authentication app, and your account remains protected.

Enabling two step on is pretty easy. Once you are logged in on, you can go to Settings > Security to set it up. You simply toggle the option, give it your phone number, and install an app like Google’s Authenticator on your iPhone or Android.

Now, when I log into any account (Jetpack, Gravatar, and other entities included), I simply enter the code from Authenticator in addition to my normal password. Easy peasy.

Except all of a sudden, I couldn’t sync Jetpack within the WordPress iOS app. I just let this go for months, but it drove me crazy. I love looking at my stats on my phone (I’m obsessive like that). So finally I took the twelve seconds to ask the Jetpack team on Twitter. Always responsive, they helped me out quickly:

Aha! I didn’t notice it when I initially enabled two step, but if you want to access your accounts (or importantly in my case, Jetpack), you have to create an application on the same Security Settings screen and use that as your new Jetpack password.

All that time I thought I had just somehow stored the wrong password in 1Password (another great app for secure password best practices) and in fact it was right but I never enabled my device to access the account.

Hopefully this helps someone else out there in the internet looking for help getting properly setup across devices with two step authentication.