Adding an Extra Layer of Security with Two-Factor Authentication
Electionbuddy allows you to increase voter integrity by verifying the voter with a text message or voter password - this is also known as two-factor authentication. We recommend that you use two-factor authentication to help restrict proxy voting, if it is a concern for your organization, and to simply add an extra layer of security.
Two-factor authentication can only be used when running a high-integrity election. In medium-integrity elections, "two-factor authentication" is turned on by default, as the voter password required for these elections is a derivative of two-factor authentication.
As mentioned, you can verify your voter using:
- A text message: you provide the cell phone number of each voter in your voter list, and Electionbuddy will send them a verification message with a secret code. This code must be entered just prior to accessing the ballot, after the voter has been brought to electionbuddy.com via the link in their voter notice. This is the ultimate in authentication, as election administrators will never know the code that is sent to the voter.
- A voter password: you provide a password for each voter, which they will need to enter just prior to accessing the ballot, after the voter has been brought to electionbuddy.com via the link in their voter notice. This password should be something that would only be known by the voter. Member IDs usually work well, especially if the IDs are not necessarily easy to remember or guess. Optionally, you can add a prompt message to let the voters know what information they should enter and in which format, for example. "Enter your membership id in <format> format". A password that the voter should inherently know, combined with a clear, concise password prompt, helps you increase your election integrity because it means that you do not have to distribute your voters' passwords.
To enable two-factor authentication:
- On the "Voters" page of your election setup, under "Voter Options", select "Two Factor Authentication".
- From the additional options that appear when you select it, choose whether you want to use "Phone Verification" or "Voter Password".
- If proceeding with phone verification, set the default country code for your voters' phone numbers. If you have voters that are geographically dispersed with different country codes, use the default country code that corresponds to the majority of your voter population, and ensure to include the country code for voters who do not live in that country.
- If proceeding with a voter password, you can choose to create your optional password prompt.
- You will now need to ensure that your voter list contains the correct information. If you selected "Phone Verification", then you will be asked to enter a cell phone number for each voter, and if you selected "Voter Password", then you will be asked to enter a voter password for each voter.
Please note: you cannot set up two-factor authentication for only some of your voters - if you are going to use it, all the voters in your list will be required to have a cell phone number or a password, and Electionbuddy will prevent you from proceeding with the election if you have any voters with this information missing.