This has been in place for a while, but I neglected to announce it widely: two-factor authentication is now built in and available to every user of every Indivisible.blue site. Setting this up adds an additional level of security to keep someone from logging in as you. (Here’s a good article explaining two-factor authentication, if you’re not familiar with it.)
To enable this for yourself or Indivisible.blue users you administer, start at the “Users” section of your WordPress dashboard. The list there includes a new column that shows whether two-factor is enabled for each user.
To change the settings, click “edit” for a user, and then scroll down to the “Two-Factor Options” section. I recommend using “Time Based One-Time Password (Google Authenticator)” method, as well as generating backup codes, if you have a secure place to store them (like a password manager). The Google Authenticator app can be installed on your iPhone or Android phone and is easy to use.