Graham Cluley: If you enable the feature, then you’ll not only need your username and password to log into Tumblr. You’ll also need a one-time authentication code that will be accessible via your mobile phone. In short, the bad guys won’t just need your username and password, they’ll also need that code (or physical access to your phone).
In a world where it’s not at all unusual for users to be careless with their password security, two-factor authentication (often shortened to “2FA”) makes a lot of sense.