New Two-factor Authentication recommendations

ActBlue admins will notice something new on their Dashboard starting today: a message regarding two-factor authentication.

[Image: 2FA Message]

Two-factor authentication (2FA for short) is a security protocol that requires users to provide two different, independent pieces of verification to confirm their identity when logging into an online account. A common form of 2FA requires users to enter a username and password combination AND an authentication code that is randomly generated by a separate app on a phone. We’ve offered 2FA on ActBlue admin accounts since 2016. Today, we’re releasing new 2FA recommendations and options to reflect current best practices.

1. We strongly recommend setting up 2FA with Google Authenticator for your ActBlue account today, even if you are already using a different 2FA application (and especially if you are not currently using 2FA). Google Authenticator is a Time-based One-Time Password (TOTP) app. TOTP apps are the most secure 2FA option because the authentication codes are generated by an algorithm on your device rather than sent to you. When you use Google Authenticator with your ActBlue account, you will not receive text messages or voice calls as part of the verification process, as those methods can be vulnerable to social engineering.

To start using Google Authenticator with your ActBlue account, simply log in to ActBlue and then follow the link in the message at the top of your Dashboard (pictured above). You’ll be brought to a page where you can download Google Authenticator on your phone or tablet.

[Image: 2FA Page]

Open the app and select “Begin Setup” and then “Scan barcode.”

[Image: Google Authenticator]

Scan the barcode on our page. The app will then show you an authentication code, which you should enter in the “Confirmation code” box on our page. Please note that every code will disappear in the app after a few seconds, but the app will constantly generate new ones (so don’t worry if you are too slow entering it the first time).

Click the orange button at the bottom of our page to complete the setup process! From then on, you will be asked to enter a Google Authenticator code when logging in to your ActBlue account on an intermittent basis or any time you log in on a new device.

2. If you currently use the 2FA application Authy and do not want to switch to Google Authenticator, we strongly recommend disabling the Authy Multi-Device feature. This feature leaves your account vulnerable to social engineering. See number three — “Enable (or disable) Authy Multi-Device” — on this page for instructions. We also recommend disabling Authy’s Authenticator Backups feature. Or just set up Google Authenticator instead. It only takes a few minutes!

3. We are excited to now support YubiKeys for 2FA! While using an app on a phone like Google Authenticator will be easiest for most ActBlue admins, we’re always striving to be on the cutting edge. Now, if you have a YubiKey (a physical device that you insert into your computer, similar to a USB drive), you can use it with codes generated by the Yubico Authenticator desktop application for your 2FA.

Two-factor authentication is one of the best ways you can protect yourself and your organization from attacks. If we can help you deploy 2FA to your entire campaign or organization on ActBlue, or if you have any questions about these recommendations, contact us at support@actblue.com!

Ted Cruz thinks we’re big money

Last night, Ted Cruz mentioned us in a debate about the tax code on CNN with Bernie Sanders. Perhaps not surprisingly, Cruz got his facts wrong. When talking about big money in politics, he compared us to the Koch brothers — some of the biggest Republican mega-donors in the business.

As a nonprofit fundraising platform for the left dedicated to helping small-dollar donors speak truth to power, we were caught off guard by his mistake — and so were the people in our community.

[Image: Ted lying]

It was actually kind of funny how wrong he was:

[Embedded tweets]

In case Ted Cruz is still confused, here are some tweets that explain what we do from some of the amazing small-dollar donors and grassroots activists who use ActBlue:

[Embedded tweets]

Better luck next time, Ted.

[Embedded tweet]

In the meantime, we’ll be actively empowering small-dollar donors so they can fuel the organizations and causes they care about and power Democrats to victory in 2018, 2020, and beyond.