Extra Security — Two-Factor Authentication

Electionbuddy allows you to increase your election integrity by verifying the voter with a text message or voter password, above and beyond the standard access key that a voter requires to access the ballot. Because this creates a second level of credentials required to access the ballot, this is known as two-factor authentication. 

This article covers:

Deciding Which Type of Two-Factor Authentication to Use 

Regardless of which type of two-factor authentication you choose to use, please note that: 
  • All your voters will be required to use two-factor authentication (i.e. you cannot just set up two-factor authentication for some voters and not others); and, 
  • The two types of two-factor authentication cannot be mixed (i.e. you can only use either phone verification or a voter password).

Two-Factor Authentication Using Phone Verification

  • You provide the cell phone number of each voter in your voter list, and Electionbuddy will send them a verification message with a secret code. 
  • This code must be entered just prior to accessing the ballot, after the voter has been brought to electionbuddy.com via the link in their voter notice. 
  • This is the ultimate in authentication, as election administrators will never know the code that is sent to the voter.

Two-Factor Authentication Using a Voter Password

  • You provide a password for each voter, which they will need to enter just prior to accessing the ballot, after the voter has been brought to electionbuddy.com via the link in their voter notice. 
  • Electionbuddy does not distribute the voters' passwords for you, so this password should be something that would be known by the voter. Member IDs usually work well.
  • Optionally, you can add a prompt message to let the voters know what information they should enter and in which format, for example. "Enter your membership id in <format> format". 
  • A password that the voter should inherently know, combined with a clear, concise password prompt, helps you increase your election integrity because it means that you do not have to distribute your voters' passwords.

Setting Up Two-Factor Authentication

Two-factor authentication can only be used when running a high-integrity election.
  • On the "Voters" page of your election setup, under "Voter Options", select "Two-Factor Authentication".
  • From the additional options that appear when you select it, choose whether you want to use "Phone Verification" or "Voter Password".
    • If proceeding with phone verification, set the default country code for your voters' phone numbers. If you have voters that are geographically dispersed with different country codes, use the default country code that corresponds to the majority of your voter population, and ensure to include the country code in the voter list entries for voters who do not live in that country. You can also include a short message with the SMS code.
    • If proceeding with a voter password, you can choose to create your optional password prompt.
  • You will now need to ensure that your voter list contains the correct information. If you selected "Phone Verification", then you will be asked to enter a cell phone number for each voter, and if you selected "Voter Password", then you will be asked to enter a voter password for each voter. 

The Voting Process with Two-Factor Authentication

Phone Verification

  1. Voters click the link to vote that they received in their email notice (or via a different method, if you did not use email notices). 
  2. This brings them to the following page:

  3. The voter then clicks the "Send SMS" button to get their SMS code sent to their cell phone number.

  4. After the voter clicks the "Send SMS" button, the page in the image above becomes:

  5. They enter the code they received in the text box, and click "Authenticate" to access the ballot. Voting proceeds on the ballot as normal.

If the voter does not receive the text message with their code for whatever reason, they can click the "Resend SMS" button to get another text message sent to their cell phone.

Voter Password

  1. As mentioned above, Electionbuddy does not distribute the voters' passwords for you. Therefore, if you did not choose passwords for your voters that would be inherent to them, your first step is to distribute your voters' passwords to them via a method that best suits you.
  2. Voters click the link to vote that they received in their email notice (or via a different method, if you did not use email notices). 
  3. This brings them to the following page:

  4. The voter simply enters their password into the text box, and clicks the "Authenticate" button to be brought to the ballot. Voting proceeds on the ballot as normal. 

Still need help? Contact Us Contact Us