After lots of noise in the news about stolen passwords, WordPress hacks and other online hazards, I decided last year to set up two-step authentication on many of my accounts. This seemed like a smart thing to do.
After setting up verification on Twitter, for example, I wouldn’t be able to log into Twitter on my laptop without entering a code that Twitter would send to me via SMS. This certainly increased my feeling of security.
Similarly, I have Google Authenticator set up for some of my blogs, so that I can’t sign in without grabbing a code from the Google Authenticator app on my iPhone and entering it with my usual login name and password.
You may see where I’m going with this.
Let me preface this description of my bone-headed error by explaining that I’m in the midst of packing for a move, so everything I own seems turned upside down. In the maelstrom, I thought I was very smart to proactively change my mobile phone number to my new area code, and let my family and friends know the new number.
Unfortunately, I didn’t let Twitter know.
Yes, I, who should know better, found myself locked out of my own Twitter account because Twitter, bless its heart, was doing what I asked it to do: send an SMS to my mobile phone number. My old mobile phone number.
The good news: I was still logged into Tweetdeck on my laptop, so I was able to tweet as usual. I just could not access any features of Twitter.com.
It took two weeks of emailing Twitter Support to solve this problem. A seemingly endless series of automatically generated support replies kept sending me instructions to “reset my password.” Of course this was followed by a prompt to enter the code they’d just sent – to my old phone.
Finally, I was able to rattle someone’s cage at Twitter Support so I could delete my old phone number and add the new one.
I don’t blame Twitter. This was my own fault for not thinking about WHERE I had used my mobile number as a source of verification. If I ever change my number again, I will first disable any two-step verifications I’m using, then add the new number.
Which leads me to the Google Authenticator app. I hope I never lose my iPhone because I’ll be locked out of my blogs without a plan B. Here’s a helpful post about how NOT to get locked out when using two-factor authentication.
Bottom line: Don’t be so quick. THINK, then act.
Photo copyright: piren / 123RF Stock Photo