Tech Note: Two Factor Authentication Comes to LGF

Something you know, and something you have
LGF

Security has always been a priority in the design of the software that powers Little Green Footballs. As soon as I began writing the code, back in the Paleolithic Era when we were still using flat files instead of a database, I realized that I needed to spend a lot of attention on protecting the site as well as possible. And so far, this effort — and it takes a lot of effort! — has paid off. LGF has never been hacked or compromised, although there have been lots and lots of attempts over the years. No website connected to the Internet can ever be 100% safe from hacking, but we do our best to stay current on security matters.

And today I’m announcing the next step to make our system as secure as possible: two factor authentication for signing in to your LGF account.

What is it?

The “traditional” way of signing in to a website employs a username and password. You can make this fairly secure by ensuring your password isn’t easily guessed; the best way to do this is to set up passwords that are long strings of random numbers, letters and punctuation symbols, with a password manager such as 1Password (which I use and love).

But the drawback of using just a password for security is that you have only one point of failure; if a hacker guesses or gains access to your password, it’s game over, man. And if you were foolish enough to use the same password at more than one website, you could find yourself in a heap of trouble.

This is where two factor authentication (“2FA” for short) comes in. Your password is something you know. Two factor authentication still requires a password, but adds something you have: a cell phone or authenticator app. This makes a hacker’s life much more difficult because the password is no longer the sole point of access.

How it works at LGF

First, please note that this is completely optional; you can continue using a password without setting up 2FA. (But please make sure it’s a good strong password that you’re not using at other sites.)

Our two factor authentication system gives you two options for setting it up: you can give us your cell phone number and we’ll send an automatic text message to it when you sign in, with a six-digit verification code that you enter after your username and password. Or you can use an authenticator app which doesn’t require a cell phone connection; the app generates a single-use verification code for you to use. Most authenticator apps are free, which is always nice.

Presently we only support the most common cell phone carriers in the US and Canada, so if your carrier isn’t in our list you’ll have to use an authenticator app. There are many authenticator apps available for all kinds of desktop and mobile devices; on my Mac/iPhone system, I really like 2STP Authenticator because it’s very simple to set up on the iPhone and syncs automatically with a companion app on your Mac desktop machine, so you can sign in with it even if your cell phone isn’t handy.

How to set up 2FA at LGF

The place to set up 2FA is in your Account Settings, where you’ll see the following new section:

That shows what it looks like after configuring it, but when you first see the 2FA section, it will look like this:

You can configure either a cell phone or an authenticator app, or both. If you set up both options, you can choose which one will be used by clicking the “Preferred” option. The “Enabled” checkbox simply turns 2FA on and off for your account.

We’ll start by setting up a cell phone. Click the “Configure Cell Phone” button and the following dialog pops up:

Enter your cell phone number, including the area code; you’ll notice that the text field automatically formats it for you, so just type the numbers. Then choose your cell carrier from the drop-down list. If your carrier isn’t in the list, well… sorry, but you’ll have to use an authenticator app instead. (If you’d like us to add your carrier to the list, contact us and let us know which one you use and we’ll see if it’s possible.)

A note about cell phone numbers: when we store your number in our database, it’s encrypted with a very strong encryption method, and the key is stored off-site to keep everything as secure as possible.

When you’ve entered your number and selected your carrier, click the “OK” button and this dialog appears:

If everything is set up correctly, you’ll now receive a text message with a verification code that you should enter, to confirm that your cell phone is working with our system. And that’s all there is to it! When your cell phone is configured, the 2FA section will look like this; notice that the “Enabled” checkbox is checked, and “Cell Phone” is now the “Preferred” method:

Important: to configure an authenticator app, you should first go to your device’s app store and download the app you want to use, because you’ll need it to complete the setup.

When you click “Configure Authenticator App,” the following dialog appears:

(Instead of “SECRET_CODE,” you’ll see a string of random letters and numbers.)

You can configure the authenticator app in one of two ways: by using it to scan the QR code you see in the screenshot above, or by manually setting it up by entering the secret code displayed in the box. (And by the way, that’s not a valid code in the screenshot.)

Scanning it is the simplest way; just point your cell phone’s camera at the QR code and it should automatically recognize it, scan it, and set up the proper information for you. When the app is set up, click the “OK” button and you’ll see the following dialog asking you to enter the verification code from the app, to confirm that everything’s cool.

After configuring the authenticator app, the Preferred method will automatically be set to “Authenticator App,” but you can always change it back to the cell phone if you wish.
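For readers curious what the authenticator app and the server compute from that shared secret, here is an added example; it is not LGF's code. It assumes the standard TOTP scheme (RFC 6238) and the `otpauth://` Key URI that enrollment QR codes usually encode, neither of which this page confirms for LGF. All function and class names are hypothetical, and the sample secret is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote

# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def provisioning_uri(secret_b32, account, issuer):
    """otpauth:// Key URI, the text an enrollment QR code encodes."""
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={secret_b32}&issuer={quote(issuer)}")

def hotp(secret_b32, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    padded = secret_b32.replace(" ", "").upper()
    padded += "=" * (-len(padded) % 8)  # base32 input must be a multiple of 8
    mac = hmac.new(base64.b32decode(padded), struct.pack(">Q", counter),
                   hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32, now=None, step=30):
    """RFC 6238: HOTP with the counter set to the current 30-second step."""
    now = time.time() if now is None else now
    return hotp(secret_b32, int(now) // step)

class TotpVerifier:
    """Server side: tolerate clock drift, but accept each time step once."""
    def __init__(self, secret_b32, step=30, window=1):
        self.secret, self.step, self.window = secret_b32, step, window
        self.last_used = -1  # highest counter already accepted

    def verify(self, code, now=None):
        now = time.time() if now is None else now
        current = int(now) // self.step
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= self.last_used:
                continue  # replayed or older code: reject
            expected = hotp(self.secret, counter).encode()
            if hmac.compare_digest(expected, code.encode()):
                self.last_used = counter
                return True
        return False
```

Scanning the QR code and typing the secret by hand give the app the same value; the code is "single-use" only because the server remembers the last time step it accepted.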

Finally, you can also get a list of 10 backup codes by clicking the “Backup Codes” button. This brings up the following dialog:

The backup codes are a fall-back in case you don’t have access to your cell phone or authenticator app. Each backup code can only be used one time, and then it’s deleted from your list. In this dialog you can choose to print the list of codes, download a text file containing them, or generate a new list if you’re running out of codes.
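The single-use behavior described above, sketched as an added example that is not LGF's code: the server keeps only salted hashes of the 10 codes and deletes a hash when its code is redeemed. The code format, the PBKDF2 parameters, the class name and the choice to invalidate the old list on regeneration are all assumptions.

```python
import hashlib
import hmac
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # assumed format: no 0/O or 1/I

class BackupCodes:
    """One account's backup codes; only salted hashes are kept server side."""
    def __init__(self):
        self._salt = secrets.token_bytes(16)
        self._hashes = set()

    def _digest(self, code):
        # Accept codes typed with spaces, hyphens or lowercase letters.
        normalized = code.replace("-", "").replace(" ", "").upper()
        return hashlib.pbkdf2_hmac("sha256", normalized.encode(),
                                   self._salt, 100_000)

    def generate(self, count=10):
        """Issue a fresh list. Assumption: this invalidates the previous list."""
        codes = set()
        while len(codes) < count:  # a set guarantees the codes are distinct
            codes.add("".join(secrets.choice(ALPHABET) for _ in range(10)))
        self._hashes = {self._digest(c) for c in codes}
        return sorted(codes)  # plaintext shown once, to print or download

    def redeem(self, code):
        """True at most once per code: a matching hash is deleted on use."""
        candidate = self._digest(code)
        match = next((h for h in self._hashes
                      if hmac.compare_digest(h, candidate)), None)
        if match is None:
            return False
        self._hashes.remove(match)
        return True

    def remaining(self):
        return len(self._hashes)
```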

That, dear readers, is that. And remember, you can always disable 2FA by going to your Account Settings and unchecking the “Enabled” box.

Enjoy your enhanced sign-in security!
