Securing Tumblr Accounts
In the event of a break-in, stolen password or other compromise, securing a Tumblr account is not simply a matter of changing the login password. Other aspects of the account remain active after a password reset. To properly secure a Tumblr account after any sort of compromise, do the following:
- Go to https://www.tumblr.com/settings/account and login.
- Click the Edit icon next to Password.
- Enter your current password and the new password.
Important! Ensure the new password is complex, and is not used anywhere else.
Revoke Existing App Access
- Go to https://www.tumblr.com/settings/apps.
- Delete all the linked apps.
You will need to re-link these apps next time you use them by logging in with the new password.
Reset Post by Email
- Go to https://www.tumblr.com/settings.
- Click on the blog heading.
- Scroll down to Post by Email.
- Click Reset Address.
Advanced: Enable Two-Factor Authentication
The use of two-factor authentication means that even if the account password is compromised, access to the account can only be gained via the second factor, such as a text message sent to a mobile phone or a secret code generated by your phone. It will not block access by already-linked apps or posts by email. However two-factor authentication carries the risk that if you lose access to the device that generates the codes, you'll be locked out of your account permanently. So only enable this feature if you are certain you will retain access to your mobile number and/or authenticator codes.
- Go to https://www.tumblr.com/settings/account.
- Enable Two-Factor Authentication.
- Follow the process to activate your phone and/or use an authenticator app.