Tech Note: Two Factor Authentication Comes to LGF

Something you know, and something you have


Security has always been a priority in the design of the software that powers Little Green Footballs. As soon as I began writing the code, back in the Paleolithic Era when we were still using flat files instead of a database, I realized that I needed to spend a lot of attention on protecting the site as well as possible. And so far, this effort — and it takes a lot of effort! — has paid off. LGF has never been hacked or compromised, although there have been lots and lots of attempts over the years. No website connected to the Internet can ever be 100% safe from hacking, but we do our best to stay current on security matters.

And today I’m announcing the next step to make our system as secure as possible: two factor authentication for signing in to your LGF account.

What is it?

The “traditional” way of signing in to a website employs a username and password. You can make this fairly secure by ensuring your password isn’t easily guessed; the best way to do this is to set up passwords that are long strings of random numbers, letters and punctuation symbols, with a password manager such as 1Password (which I use and love).

But the drawback of using just a password for security is that you have only one point of failure; if a hacker guesses or gains access to your password, it’s game over, man. And if you were foolish enough to use the same password at more than one website, you could find yourself in a heap of trouble.

This is where two factor authentication (“2FA” for short) comes in. Your password is something you know. Two factor authentication still requires a password, but adds something you have: a cell phone or authenticator app. This makes a hacker’s life much more difficult because the password is no longer the sole point of access.

How it works at LGF

First, please note that this is completely optional; you can continue using a password without setting up 2FA. (But please make sure it’s a good strong password that you’re not using at other sites.)

Our two factor authentication system gives you two options for setting it up: you can give us your cell phone number and we’ll send an automatic text message to it when you sign in, with a six-digit verification code that you enter after your username and password. Or you can use an authenticator app which doesn’t require a cell phone connection; the app generates a single-use verification code for you to use. Most authenticator apps are free, which is always nice.

Presently we only support the most common cell phone carriers in the US and Canada, so if your carrier isn’t in our list you’ll have to use an authenticator app. There are many authenticator apps available for all kinds of desktop and mobile devices; on my Mac/iPhone system, I really like 2STP Authenticator because it’s very simple to set up on the iPhone and syncs automatically with a companion app on your Mac desktop machine, so you can sign in with it even if your cell phone isn’t handy.

How to set up 2FA at LGF

The place to set up 2FA is in your Account Settings, where you’ll see the following new section:

That shows what it looks like after configuring it, but when you first see the 2FA section, it will look like this:

You can configure either a cell phone or an authenticator app, or both. If you set up both options, you can choose which one will be used by clicking the “Preferred” option. The “Enabled” checkbox simply turns 2FA on and off for your account.

We’ll start by setting up a cell phone. Click the “Configure Cell Phone” button and the following dialog pops up:

Enter your cell phone number, including the area code; you’ll notice that the text field automatically formats it for you, so just type the numbers. Then choose your cell carrier from the drop-down list. If your carrier isn’t in the list, well… sorry, but you’ll have to use an authenticator app instead. (If you’d like us to add your carrier to the list, contact us and let us know which one you use and we’ll see if it’s possible.)

A note about cell phone numbers: when we store your number in our database, it’s encrypted with a very strong encryption method, and the key is stored off-site to keep everything as secure as possible.

When you’ve entered your number and selected your carrier, click the “OK” button and this dialog appears:

If everything is set up correctly, you’ll now receive a text message with a verification code that you should enter, to confirm that your cell phone is working with our system. And that’s all there is to it! When your cell phone is configured, the 2FA section will look like this; notice that the “Enabled” checkbox is checked, and “Cell Phone” is now the “Preferred” method:

Important: to configure an authenticator app, you should first go to your device’s app store and download the app you want to use, because you’ll need it to complete the setup.

When you click “Configure Authenticator App,” the following dialog appears:

(Instead of “SECRET_CODE,” you’ll see a string of random letters and numbers.)

You can configure the authenticator app in one of two ways: by using it to scan the QR code you see in the screenshot above, or by manually setting it up by entering the secret code displayed in the box. (And by the way, that’s not a valid code in the screenshot.)

Scanning it is the simplest way; just point your cell phone’s camera at the QR code and it should automatically recognize it, scan it, and set up the proper information for you. When the app is set up, click the “OK” button and you’ll see the following dialog asking you to enter the verification code from the app, to confirm that everything’s cool.

After configuring the authenticator app, the Preferred method will automatically be set to “Authenticator App,” but you can always change it back to the cell phone if you wish.
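
How an authenticator app and a server can derive the same verification code from the shared secret, shown as an added example (this is not LGF's code). It assumes the standard TOTP algorithm (RFC 6238: HMAC-SHA1, 30-second windows, six digits), which the page does not confirm LGF uses; the function names and the issuer/account values passed in are illustrative.

```python
import base64
import hashlib
import hmac
import secrets
import struct
from urllib.parse import quote

STEP = 30     # seconds per time window (RFC 6238 default; assumed)
DIGITS = 6    # length of the verification code (assumed)

def new_secret() -> str:
    """Random 160-bit shared secret, Base32-encoded so it can be typed in manually."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def provisioning_uri(secret: str, account: str, issuer: str) -> str:
    """otpauth:// URI of the kind a setup QR code encodes."""
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={secret}&issuer={quote(issuer)}"

def totp(secret: str, at: float) -> str:
    """Verification code for the time window containing Unix time `at`."""
    key = base64.b32decode(secret)
    counter = struct.pack(">Q", int(at) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret: str, code: str, at: float, last_step: int = -1, drift: int = 1):
    """Return the time step the code matched, or None if it is rejected.

    Allows +/- `drift` windows of clock skew, and refuses any step that is
    not newer than `last_step`, so a code that was already accepted (or one
    captured earlier) cannot be replayed inside its window.
    """
    now = int(at) // STEP
    for step in range(max(0, now - drift), now + drift + 1):
        expected = totp(secret, step * STEP)
        if step > last_step and hmac.compare_digest(expected.encode(), code.encode()):
            return step
    return None
```

The server stores the step returned by `verify` and passes it back as `last_step` on the next sign-in, which is what makes each code single-use.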

Finally, you can also get a list of 10 backup codes by clicking the “Backup Codes” button. This brings up the following dialog:

The backup codes are a fall-back in case you don’t have access to your cell phone or authenticator app. Each backup code can only be used one time, and then it’s deleted from your list. In this dialog you can choose to print the list of codes, download a text file containing them, or generate a new list if you’re running out of codes.
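
One way a server can implement single-use backup codes like the ones described above, as an added example rather than LGF's own code. The code format, the `BackupCodes` class and the choice to store only SHA-256 hashes of the codes are assumptions; the page does not describe how LGF stores its codes.

```python
import hashlib
import hmac
import secrets

# Constructed alphabet: omits look-alike characters (I, L, O, 0, 1).
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"

class BackupCodes:
    """Per-account store of one-time fall-back codes (hashes only)."""

    def __init__(self):
        self._hashes = set()

    @staticmethod
    def _digest(code: str) -> str:
        # Ignore case, spaces and dashes so a hand-typed code still matches.
        normalized = "".join(ch for ch in code.upper() if ch.isalnum())
        return hashlib.sha256(normalized.encode()).hexdigest()

    def regenerate(self, count: int = 10, length: int = 16) -> list:
        """Issue a fresh list; every previously issued code stops working."""
        codes = ["".join(secrets.choice(ALPHABET) for _ in range(length))
                 for _ in range(count)]
        self._hashes = {self._digest(c) for c in codes}
        return codes  # shown to the user once (print / download), never stored

    def redeem(self, code: str) -> bool:
        """Accept a code at most once, then delete it from the list."""
        candidate = self._digest(code)
        match = next((h for h in self._hashes
                      if hmac.compare_digest(h, candidate)), None)
        if match is None:
            return False
        self._hashes.discard(match)
        return True

    def remaining(self) -> int:
        return len(self._hashes)
```

In a real database the lookup and the delete in `redeem` have to happen in one transaction, otherwise two simultaneous sign-ins could both spend the same code.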

That, dear readers, is that. And remember, you can always disable 2FA by going to your Account Settings and unchecking the “Enabled” box.

Enjoy your enhanced sign-in security!
