Tech Note: Two Factor Authentication Comes to LGF

Something you know, and something you have
LGF • Views: 34,427

Image via Shutterstock

Security has always been a priority in the design of the software that powers Little Green Footballs. As soon as I began writing the code, back in the Paleolithic Era when we were still using flat files instead of a database, I realized that I needed to spend a lot of attention on protecting the site as well as possible. And so far, this effort — and it takes a lot of effort! — has paid off. LGF has never been hacked or compromised, although there have been lots and lots of attempts over the years. No website connected to the Internet can ever be 100% safe from hacking, but we do our best to stay current on security matters.

And today I’m announcing the next step to make our system as secure as possible: two factor authentication for signing in to your LGF account.

What is it?

The “traditional” way of signing in to a website employs a username and password. You can make this fairly secure by ensuring your password isn’t easily guessed; the best way to do this is to set up passwords that are long strings of random numbers, letters and punctuation symbols, with a password manager such as 1Password (which I use and love).

But the drawback of using just a password for security is that you have only one point of failure; if a hacker guesses or gains access to your password, it’s game over, man. And if you were foolish enough to use the same password at more than one website, you could find yourself in a heap of trouble.

This is where two factor authentication (“2FA” for short) comes in. Your password is something you know. Two factor authentication still requires a password, but adds something you have: a cell phone or authenticator app. This makes a hacker’s life much more difficult because the password is no longer the sole point of access.

How it works at LGF

First, please note that this is completely optional; you can continue using a password without setting up 2FA. (But please make sure it’s a good strong password that you’re not using at other sites.)

Our two factor authentication system gives you two options for setting it up: you can give us your cell phone number and we’ll send an automatic text message to it when you sign in, with a six-digit verification code that you enter after your username and password. Or you can use an authenticator app which doesn’t require a cell phone connection; the app generates a single-use verification code for you to use. Most authenticator apps are free, which is always nice.

Presently we only support the most common cell phone carriers in the US and Canada, so if your carrier isn’t in our list you’ll have to use an authenticator app. There are many authenticator apps available for all kinds of desktop and mobile devices; on my Mac/iPhone system, I really like 2STP Authenticator because it’s very simple to set up on the iPhone and syncs automatically with a companion app on your Mac desktop machine, so you can sign in with it even if your cell phone isn’t handy.

How to set up 2FA at LGF

The place to set up 2FA is in your Account Settings, where you’ll see the following new section:

That shows what it looks like after configuring it, but when you first see the 2FA section, it will look like this:

You can configure either a cell phone or an authenticator app, or both. If you set up both options, you can choose which one will be used by clicking the “Preferred” option. The “Enabled” checkbox simply turns 2FA on and off for your account.

We’ll start by setting up a cell phone. Click the “Configure Cell Phone” button and the following dialog pops up:

Enter your cell phone number, including the area code; you’ll notice that the text field automatically formats it for you, so just type the numbers. Then choose your cell carrier from the drop-down list. If your carrier isn’t in the list, well… sorry, but you’ll have to use an authenticator app instead. (If you’d like us to add your carrier to the list, contact us and let us know which one you use and we’ll see if it’s possible.)

A note about cell phone numbers: when we store your number in our database, it’s encrypted with a very strong encryption method, and the key is stored off-site to keep everything as secure as possible.

When you’ve entered your number and selected your carrier, click the “OK” button and this dialog appears:

If everything is set up correctly, you’ll now receive a text message with a verification code that you should enter, to confirm that your cell phone is working with our system. And that’s all there is to it! When your cell phone is configured, the 2FA section will look like this; notice that the “Enabled” checkbox is checked, and “Cell Phone” is now the “Preferred” method:

Important: to configure an authenticator app, you should first go to your device’s app store and download the app you want to use, because you’ll need it to complete the setup.

When you click “Configure Authenticator App,” the following dialog appears:

(Instead of “SECRET_CODE,” you’ll see a string of random letters and numbers.)

You can configure the authenticator app in one of two ways: by using it to scan the QR code you see in the screenshot above, or by manually setting it up by entering the secret code displayed in the box. (And by the way, that’s not a valid code in the screenshot.)

Scanning it is the simplest way; just point your cell phone’s camera at the QR code and it should automatically recognize it, scan it, and set up the proper information for you. When the app is set up, click the “OK” button and you’ll see the following dialog asking you to enter the verification code from the app, to confirm that everything’s cool.

After configuring the authenticator app, the Preferred method will automatically be set to “Authenticator App,” but you can always change it back to the cell phone if you wish.

Finally, you can also get a list of 10 backup codes by clicking the “Backup Codes” button. This brings up the following dialog:

The backup codes are a fall-back in case you don’t have access to your cell phone or authenticator app. Each backup code can only be used one time, and then it’s deleted from your list. In this dialog you can choose to print the list of codes, download a text file containing them, or generate a new list if you’re running out of codes.

That, dear readers, is that. And remember, you can always disable 2FA by going to your Account Settings and unchecking the “Enabled” box.

Enjoy your enhanced sign-in security!

Jump to top

Create a PageThis is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.
Or... you can just click this button to open the Pages posting window right away.
Last updated: 2016-01-01 10:29 am PST
LGF User's Guide RSS Feeds Tweet

Help support Little Green Footballs!

Subscribe now for ad-free access!Register and sign in to a free LGF account before subscribing, and your ad-free access will be automatically enabled.

Donate with
PayPal
Square Cash Shop at amazon
as an LGF Associate!
Recent PagesClick to refresh
The Smiths - How Soon Is Now? (Official Music Video) Watch the official music video for "How Soon Is Now"Amazon: po.stiTunes: po.stGoogle: po.stFacebook: po.st "How Soon Is Now?" was originally a B-side of the 1984 single "William, It Was Really Nothing". "How Soon Is Now?" was featured on the ...
Thanos
23 hours, 13 minutes ago
Views: 177 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
2017 Hurricanes and Aerosols Simulation This is fascinating, I recommend full screen How can you see the atmosphere? By tracking what is carried on the wind. Tiny aerosol particles such as smoke, dust, and sea salt are transported across the globe, making visible weather ...
Thanos
1 day, 2 hours ago
Views: 169 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Incredibles 2 Official Teaser Trailer The teaser trailer for "Incredibles 2" is here. Disney/Pixar's "Incredibles 2" opens in theatres in 3D June 15th, 2018. Everyone’s favorite family of superheroes is back in “Incredibles 2” – but this time Helen (voice of Holly Hunter) is ...
Thanos
2 days, 1 hour ago
Views: 248 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Deadpool’s “Wet on Wet” Teaser After surviving a near fatal bovine attack, a disfigured cafeteria chef (Wade Wilson) struggles to fulfill his dream of becoming Mayberry’s hottest bartender while also learning to cope with his lost sense of taste. Searching to regain his spice ...
Thanos
4 days, 2 hours ago
Views: 518 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Voice of America Reporter Outed as Alt-Right However, using information Fatzick himself posted on Reddit — including his age, girlfriend’s name, former employers, friends, location, educational background, and sports affiliations — this reporter was able to tie the vile posts of UncleSam4200 to the Voice of ...
Thanos
5 days, 16 hours ago
Views: 671 • Comments: 3 • Rating: 2
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Gary Clark Jr - Come Together (Official Music Video) [From the Justice League Movie Soundtrack] Official Video for "Come Together" by Gary Clark Jr. featured in the Justice League Movie trailer. In theaters November 17th 2017.Directed by Kris Merc Get the song now at garyclarkjr.com Check out the Justice League soundtrack here: lnk.to Follow ...
Thanos
1 week ago
Views: 633 • Comments: 1 • Rating: 2
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Kimbra - Top of the World (Official Music Video)New from Kimbra The new single Top of the World is available now on Apple Music, Spotify, Google Play, and more. Get the single here - kmbra.me The new studio album Primal Heart out wwide January 19th, 2018Preorder now - ...
Thanos
1 week, 1 day ago
Views: 664 • Comments: 0 • Rating: 0
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
The Barr Brothers - Song That I Heard (Live on KEXP) kexp.org presents The Barr Brothers performing "Song That I Heard" live at Breakglass Studios during POP Montreal 2017. Recorded September 16, 2017. Audio Engineer: James BenjaminCameras: Jim Beckmann, Ian Cameron & Scott HolpainenEditor: Jim Beckmann kexp.orgpopmontreal.combreakglass.ca With support from ...
Thanos
1 week, 3 days ago
Views: 730 • Comments: 0 • Rating: 0
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
Left Cries Foul, but Electoral College Prevents Tyranny of the Majority I'm speechless...this is what we have to fight against: Image: constitution-1486010_960_720.jpg Author: Paul Jenkins(Paul Jenkins is editor of the anchoragedailyplanet.com, a division of Porcaro Communications) The political left and its mouthpiece, The New York Times, are still fuming over ...
Cheechako
1 week, 3 days ago
Views: 882 • Comments: 2 • Rating: 3
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Tune-Yards - Look at Your Hands (Official Video) 'Look at Your Hands' by Tune-Yards. New album 'I can feel you creep into my private life' is released January 19th 2018: smarturl.it Video by Michael SpeedFootage by Marisa Gesualdi & Jennifer SommerAdditional photos by Nate Brenner, Ginger Fierstein ...
Thanos
1 week, 5 days ago
Views: 987 • Comments: 0 • Rating: 0
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0