Two-Factor Authentication

ActBlue user roles and permissions dictate what users can do on our platform. If the tools or features in this article are unavailable to you, speak to your entity Admin first about updating your permissions. 

In this article:

  1. Why is 2FA important?
  2. Setting up 2FA with Google Authenticator
  3. Backup codes for 2FA
  4. I received an email saying 2FA is now required to access my Dashboard
  5. Why is my account telling me that 2FA is required?
  6. Enforcing 2FA for users in your account

Security is a top priority at ActBlue, so we strongly recommend that admins of campaigns and organizations turn on two-factor authentication (2FA). We recommend using the Google Authenticator app for the safest, most secure experience possible.


Why Is 2FA Important?

2FA is an extra layer of protection for your staff’s ActBlue logins, requiring users to provide two different, independent pieces of verification to confirm their identity when logging in. After filling out a username and password, 2FA commonly requires users to enter an authentication code that a phone app randomly generates.

Besides securing routine logins, 2FA is especially important in guarding your account when logging in from a new device. You’ll need to confirm your login information using 2FA, making it harder for someone else to impersonate you.


Setting Up 2FA With Google Authenticator

We strongly recommend securing your account with 2FA using the Google Authenticator app. Google Authenticator is a time-based one-time password (TOTP) app that significantly upgrades your account’s security using algorithms to produce authentication codes. When you use Google Authenticator, you will not receive text messages or voice calls as part of the verification process, as those methods are vulnerable to social engineering attacks.

Setting up 2FA with Google Authenticator is simple and only takes a few minutes. The easiest way is to log in to your account and click the Manage menu in your navigation bar at the top. You’ll see a message regarding 2FA at the top. Click “Enable two-factor authentication” to begin protecting your account.

You’ll also see a message regarding enabling 2FA at the top of your Dashboard.

Finally, you can enable 2FA by clicking on the “Settings” tab in the Manage menu and clicking “Enable” next to “Two-factor authentication” on the Settings page.

You’ll land on the “Enable two-factor authentication” page, where you’ll find instructions for downloading Google Authenticator on your device.

After downloading, open the app and select “Begin Setup” and “Scan barcode.”

Scan the barcode on our page with the app and get ready to receive your first authentication code.

The app will generate a six-digit code to enter in the box at the bottom of our page. Click “Verify and enable” to complete the setup process.

From then on, you’ll be asked for a Google Authenticator code intermittently when logging in to your ActBlue account, and whenever you use a new device.

To check whether other users who manage your account have turned on 2FA, head back to your entity’s Dashboard and open the People tab, which you can find in the Dashboard toolbar under “Settings.” You can also see whether they are using a TOTP app such as Google Authenticator or another type of app for their 2FA.

If you already use another 2FA app like Authy and prefer not to switch to Google Authenticator, we strongly recommend disabling the Authy Multi-Device feature. This feature makes your account vulnerable to social engineering attacks.

Using 2FA with Google Authenticator tends to be the most accessible method for ActBlue admins. Our platform also supports YubiKeys (a physical device you insert into your computer, similar to a USB drive). YubiKey users can now log in to ActBlue with codes generated by the Yubico Authenticator desktop app for 2FA.


Backup Codes for 2FA

2FA usually depends on your mobile device, so we recommend you generate backup codes in case you lose your phone. The easiest way to generate 2FA backup codes is to follow the instructions in the pop-up right after you enable two-factor authentication.

Or, click “Settings” in the Manage menu, which brings you to the “Security” tab.

This page shows whether you’ve turned on 2FA, enabled TOTP, and generated backup codes for your account. Click the “Generate” button next to “Backup codes.” You need to have 2FA enabled before generating backup codes.

To generate new backup codes, verify your identity with a temporary code or your current password. If you created your ActBlue account using a Gmail or Gmail-affiliated email address and do not have an ActBlue password, you will only see the option to use a temporary code.

If you use a temporary code, a pop-up will instruct you to check your email for the code.

Enter the temporary code and click “Generate codes” to continue to your backup codes.

In the pop-up, you also have the option to use your password to verify your identity.

Enter your password, and click “Generate codes.”

Then, the pop-up with your backup codes will appear. You must save these backup codes immediately after generating them. Click “Download” to download the codes as a CSV file. We recommend you click “Copy” and paste your codes into a secure password manager like 1Password rather than your computer’s Downloads folder.

After generating backup codes for your ActBlue account, you should get an email from ActBlue Security Alerts at support@actblue.com confirming that you generated the backup codes. 

After exiting the “Generate backup codes” pop-up, your backup codes will be hidden to keep your account as secure as possible. If you did not download or copy and paste your backup codes, you’ll need to generate a new batch. You can do this by navigating to the “Security” tab and clicking the “Generate” button.

Each backup code is for one-time use only: once you have used it, you can’t use it again. If you are running low on backup codes, you can generate a new batch anytime. You’ll need to generate new codes if you change your two-factor authentication device.


I received an email saying 2FA is now required to access my Dashboard

If you received an email stating that 2FA is now required to access a Dashboard that you are a user on, your Admin has enabled 2FA for all users on the account. Luckily, 2FA makes your account more secure and only takes a few minutes to set up. We recommend setting it up as soon as possible after receiving the email. 

Click the link in the email to get started, and you will see a prompt to download the Google Authenticator app on your mobile device. Download the app before moving on to the next step. Once you have Google Authenticator on your phone, click “Next.”

Follow the instructions on your screen: click the + sign on the app and select “Scan a QR code.” Scan the QR code on the page. Click “Next.”

Your Google Authenticator app will generate a six-digit code that you need to enter in the field shown in Step three. Double-check that it is correct and click “Verify and enable.”

Next, you will see 10 backup codes in the pop-up. You can click “Download” to download the codes as a CSV file, but we recommend clicking “Copy” and pasting your codes into a secure password manager like 1Password rather than your computer’s Downloads folder.

Once your codes are saved in a secure location, click “I saved my codes.”

2FA is now set up for your account, making your information and data secure. Click “Done” on the Success page to proceed to your ActBlue account.  

Why is my account telling me that 2FA is required?

If you are seeing a pop-up saying that 2FA is required, your Admin has enabled 2FA for all users on the account. You should set up 2FA immediately to avoid losing access to your account. Luckily, the process only takes a few minutes and makes your account more secure.

Click “Enable now” to get started.

Follow these instructions to set up 2FA and enter your account.

Enforcing 2FA for users in your account

If you have an Admin role in your ActBlue account, you can enforce 2FA for your team members to maximize account security. To do this, head to the General tab of the Settings section in your Dashboard navigation bar. 

Under the Security tab, toggle “Require two-factor authentication” to “Required.” 

This change will go into effect immediately, and your team members will receive an email with instructions on enabling 2FA. Make sure to let your team know ahead of making this change. 

The amount of support that the ActBlue Customer Service Team can provide depends on the permissions that you have. Check with your entity Admin about your assigned role.

If you have any questions, please contact our support team using the email address you use to access your ActBlue account. 

