7

A lot of societies that I am a member of allow online voting for their AGMs (to elect members, approve minutes, etc.). To vote in these, all members are sent out a two-part code - however the two codes are always sent together, either in an email or a letter.

The way I see it the two parts of the code should be sent ideally over different channels (e.g. one part via email, one part via letter) or at least at different times (e.g. two emails sent on different days). I realise this would make things a bit more difficult for the voter (losing one of the codes, having to wait for second code before they vote), but what is the point of sending two codes together? Why not just issue a single code to be used?

The codes I receive are often of the format:

Code 1: 12345678
Code 2: abcd
Eborbob
  • 2
    In the way you describe it, it sounds certainly silly. However, could it be _code voting_? As in: "if you want to vote for the candidate 1, mark/write the code 1. If you want the candidate 2, mark/write the code 2". Voting processes have a lot of colliding security requirements, and the spectrum of solutions out there is very wide. Some solutions are actually crazy, and some just value more different security guarantees. – Sergio A. Figueroa Mar 24 '16 at 14:29
  • @SergioAndrésFigueroaSantos No, the two-part code is used to log in to the voting system. – Eborbob Mar 24 '16 at 14:35
  • 2
    Then it is just a _likely insecure_ long token. Especially if it's used exactly within the same form and none of them works as an ID, they could've just said "your code is 12345678abcd". – Sergio A. Figueroa Mar 24 '16 at 14:39
  • I've seen several votes using this approach. I suspect it's just to make the code easier to type in - split it into two shorter parts. It also gives the appearance of a more secure system. – Simon B Nov 06 '17 at 17:24
  • 1
    @SimonB 'It also gives the appearance of a more secure system' - that's my guess, but was hoping someone knew for sure! – Eborbob Nov 07 '17 at 20:45

2 Answers

1

I've received similar two-code mailings for various elections as well. The same concern hit me, so I looked at them more closely.

One thing that struck me is that the same companies host many thousands of elections. So there's more going on here than a simple election.

For consistency and branding, the voting sites are customized to the organization, so every year for my Coop, I log in to the same URL, something like https://my.coop.election.example.com/ and cast my ballot. As far as I can tell, the URL simply determines the CSS displayed so the right logos and colors show up; but underneath the exact same web site serves all their customers and elections.

From this it made sense that the first code identified the specific election ("2018 My Coop Board of Trustees", "2017 My Coop Board of Trustees", etc.), and the other identified me as the voter. If true, this isn't two-factor authentication, it's simply a pair of identifiers.

As I recall they were named something generic, like "Code 1" and "Code 2" instead of "Election Number" and "Voter ID". This may be intended to keep things obscure; to keep people from trying to vote in other elections or trying to guess someone else's Voter ID.

Could they do this differently, like combining the two and issuing a giant SHA-1 hashed number for me to enter? Yes, but the usability of typing in a very long number is difficult, and they are trying to keep both usability and integrity high -- two shorter numbers are easier to type, and probably solve their problems for them.

John Deters
0

I think that your question is: "if they're sending 2 codes at once, why not just send one code?"

If I were to issue 2-code authentication, I'd do that under the assumption that one transit is compromised but therefore useless to the person with only half the code. By sending them at the same time, via the same means, they negate that security measure. It almost sounds like they're trying to do a cheap 2-factor authentication. But it's not really a 2nd factor - it's a second use of one factor.

TBH I can't really think of a reason to do it this way. It's the worst of both worlds - both cumbersome and not any more secure.

baldPrussian
  • Unless the separation is more about the backend systems: one system generates one code, the other generates another. In this way, you authenticate to 2 different backend systems at once with your credentials. This can be useful to maintain the integrity on the back end. – schroeder Nov 06 '17 at 16:43
  • @schroeder In the instances I've seen the one code is usually only 3 or 4 characters long so probably not suitable as an identification token on its own. – Eborbob Nov 07 '17 at 20:42
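An added example, not part of the original thread and not any voting vendor's code: it compares what one intercepted message is worth when a login code is simply cut into two visible parts (the 8 + 4 shape from the question) versus when two independent shares are sent over separate channels, as the question and the second answer suggest. The alphabet, code length and function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed alphabet for the sketch: lowercase letters and digits
# with look-alike characters (i, l, o, 0, 1) left out.
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"
N = len(ALPHABET)

def issue_code(length=12):
    """Random login code drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def split_concat(code, first_len=8):
    """One token cut into 'Code 1' and 'Code 2'; each part is a literal piece."""
    return code[:first_len], code[first_len:]

def split_shares(code):
    """Additive shares modulo the alphabet size.
    Share 1 is fresh randomness; share 2 is (code - share 1) per position,
    so either share alone is uniformly random and says nothing about the code."""
    s1 = [secrets.randbelow(N) for _ in code]
    s2 = [(ALPHABET.index(c) - r) % N for c, r in zip(code, s1)]
    as_text = lambda idx: "".join(ALPHABET[i] for i in idx)
    return as_text(s1), as_text(s2)

def combine_shares(part1, part2):
    """Server-side (or client-side) recombination of the two shares."""
    return "".join(
        ALPHABET[(ALPHABET.index(a) + ALPHABET.index(b)) % N]
        for a, b in zip(part1, part2)
    )

def work_after_one_intercept(code, scheme):
    """Guessing work, in bits, still needed by someone who read only the
    first of the two messages."""
    if scheme == "concat":
        seen, _ = split_concat(code)
        unknown = len(code) - len(seen)   # only the short tail is left to guess
    else:
        unknown = len(code)               # one share leaves the whole code unknown
    return unknown * math.log2(N)

if __name__ == "__main__":
    code = issue_code()
    print("concat parts:", split_concat(code))
    print("shares      :", split_shares(code))
    for scheme in ("concat", "shares"):
        print(scheme, round(work_after_one_intercept(code, scheme), 1), "bits left")
```

The cost is the usability trade-off raised in the question: each share is as long as the full code, and the voter needs both before logging in.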