2-factor authentication

Everyone knows that to access our website, after registering, and creating your personal profile, after clicking on the activation link, which our system sends to each user, after doing the second part of the activation, and after activation of your personal profile by our administrators, you can access our website, simply by entering your username and password, in the access form, present at the top and bottom of each of our web pages .

The main security measure, which we recommend to everyone, but which is not mandatory, is the activation of 2-factor authentication, which in addition to the username and password, requires a unique code, to be entered, in order to access .

DirectDemocracyS, has decided not to use telephone notifications, and if we use them in the future, it will be only a few verification messages, SMS notifications, we consider them useful for security, only relatively, but very annoying, if too numerous. Also with regard to email notifications, we try to send only necessary, urgent, and important notifications. For those who like to receive many notifications, they can set up and request them by themselves, managing their profile, in the Social area, or according to the case in the Community area (visible only to our official members).

Our security protocol, right from the start, is very secure, we are among the first on the web, to request passwords, of a length of at least 12 characters (including numbers, lowercase, uppercase, and special characters for those who wish) , we have users with very long passwords, even 24, or even 36, and more characters. Since the beginning of our activities, if a user enters the wrong password too many times, our system blocks the profile, which can only be recovered by the user (only with a link to click, from his email address), via a completely automated, simple, secure and encrypted procedure.

2-factor authentication.

If you want to significantly increase security measures, and to prevent unwanted access, you can decide to use 2-factor authentication.

Currently all our users will be able to choose one of our two methods of 2-factor authentication, both of which will make your personal profile on our website practically inviolable.

https://www.directdemocracys.org/social/profile/mfa

The selection screen has the following content.

Multi-factor authentication is not enabled.

Verification code.

Verification code.

Use 6-digit codes generated by an app every 30 seconds.

Add a new verification code.

Code by email.

Code by email.

Receive six-digit codes by email.

Add new code with email.

Authentication methods.

The first method is Google Authenticator.

Google Authenticator is an application for smartphones and desktops (it is installed in various browsers), created by Google, which allows you to generate 6-digit security codes, which change automatically every 30 seconds. To access our website, you will therefore need: username, password, and the six-digit security code (token) which varies every 30 seconds.

You can enable 2-Factor Authentication for Frontend, Backend or Both.

This method provides extra protection, against hackers, who want to compromise access to the website, since even if they were able to steal, or discover the administrative or login credentials on the website, they would have 30 seconds maximum, to perform the Hack of the site (or according to the case of the personal profile) and, usually, it is not enough time. In this way, two-factor authentication prevents unauthorized access to the website and to the personal profile of each of our users.

Setting up Google Authenticator as a two-factor authentication system is very simple.

Step 1 - Install Google Authenticator.

Download and install Google Authenticator, for your PC, for your favorite browser, or for your tablet, or for your smartphone. Always to be done before step 2.

Step 2 - Go to the 2-factor authentication settings link.

https://www.directdemocracys.org/social/profile/mfa

Step 3 – Setup.

A QR code will be displayed, to be scanned with a smartphone that has the Google Authenticator application installed, or with your favorite browser (just select the QR code area with your fingers, or with the left mouse button).

Step 4 - Activate Two-Factor Authentication.

In the "Security code" field, enter the 6-digit code, displayed on the screen of your smartphone, or in your Google Authenticator (in the browser extension as appropriate). Then click on Save and Close.

Now, access to the site is protected by 2-factor authentication. By logging out of the site, 3 fields will now be visible on the login screen: username, password and secret key. Enter the code generated by Google Authenticator in the "Secret Key" field.

Second method.

The second method, simpler for some, but equally efficient, is to use a unique code, for each access, which our system sends directly to the email address of each of our users.

You normally enter your username and password, and if correct, our system sends a 6-digit code to your email address (always check, even in your junk mail folder).

After correctly entering your username and password on our website, the screen changes automatically and this message appears.

Multi-factor authentication - code by email.

You have received a six-digit, multi-factor authentication code in your email. Enter it below.

Authentication Code: Enter here the six numbers you received via email.

Of course you can select a different method. Select a different method.

The message, which you will receive at your e-mail address, is like the following (also check your junk mail, and always check the header, and sender, which must contain @directdemocracys.org):

Your DirectDemocracyS authentication code is -123456 (the current number, in this article, is just an example).

(Always check this header.)

DirectDemocracyS mail_admin @directdemocracys.org;

Current user.

Multi-factor authentication on DirectDemocracyS. Your authentication code is 123456. (the current number, in this article, is just an example).

Obviously, the code sent is only valid for one access, for each subsequent access attempt (after leaving the website), the same procedure will be followed.

You can delete, at any time, one of the methods used, or change the method, directly, after logging in to our website (with the old method selected), and then modify, or delete, from the link:

https://www.directdemocracys.org/social/profile/mfa

if you eliminate the two-factor authentication, the next time you access, you will be able to access the website simply by entering your username and password in the access form.

If, on the other hand, the authentication method is changed, the next time you log in, you will only be able to log in using the new chosen method.

More safety tips.

If you leave the session always connected, you will always be connected to our website, so it will not be necessary to enter your username, password, and any codes, to enter (you will always be connected) from your browser, or from our application, but in this case, we always advise you to use secure passwords for your PC, for your tablet, and for your smartphone, to prevent other people from browsing our website for you. Any action, or activity, carried out from your personal profile on our website, for us, is performed by the registered user. For any problem, even serious, or activity, against our rules, the owner of the profile will be severely punished, and not the person using it.

Change your password often (both of your email address and of your personal profile, and in general wherever the password is needed, and never use the same one, on different websites), and keep it in a safe place, not accessible to other.

Never give anyone your access data to your email address, our website, other websites, and your social networks. No one will ever ask you for your login details on our websites, but if someone does, never give out, for any reason, your personal and login details, and any details, about your activities on, and off, from our website. Always report any suspicious activity, or request, only through the contact form of the Special Security Group, at this link:

https://www.directdemocracys.org/contacts/specials-groups/securities-groups/4-security

Do not save your access data, on browsers or applications, on PCs, tablets, or smartphones, of other people, or in public areas, but only on your technological means, to prevent others from using our website, in your name.

Traditionally, when you access your site, you need to indicate your username and password to identify yourself in the system and be able to access it. The biggest problem with this approach is that the username and password can be stolen or guessed. For example, if your PC is infested with malware, or if you try to access your site from an insecure network, such as a public Wi-Fi hotspot, it is possible that someone could intercept your username credentials and password. This means, that they can access the website, replacing the attacked user.

To prevent this scenario, a 2-Factor Authentication system is available, which strengthens the login to your website, with a secondary and disposable secret code. This technique is called 2-factor authentication and is abbreviated to 2FA.

Enabling 2-Factor Authentication is recommended for all of our users.