Two Factor Authentication
What is Two Factor Authentication?
Two factor authentication (also known as 2FA) is an extra security measure you can apply to an online account that strengthens security by requiring two factors to verify your identity. These factors can include something you know (like a username and password) plus something you have (like a smartphone app) to approve authentication requests. When you log in to a system using a new computer, you'll be asked to verify your identity using both of those factors, to prove it's really you.
Why do we need it?
To protect our data, we need to verify that users are who they say they are. 2FA is an effective way to protect against many security threats that target user passwords and accounts, such as phishing and brute-force attacks. We've seen a huge increase in these types of attacks on schools over the last two years - as recently as last month, a UK school was hacked by a brute-force attack and had all their student personal information uploaded to the dark web. This wouldn't have happened if 2FA had been enabled!
The RLT Google system sees around 300-500 failed login attempts per day, and 2FA would bolster our defences against this.
The DfE recently published new IT guidelines for schools, and it's now enforcing that all staff have 2FA enabled on their account. Every school in the UK will need to do this to be compliant. Note that we are only force-enabling 2FA for your school Google accounts, and nothing else.
How does it work?
You will be prompted for the 'second factor' when first logging in to a new device (for example, a Chromebook you've never used before). There is only one exception to this - we've configured all Windows computers in school so that you will not constantly be asked for the 'second factor' of authentication. This is to reduce the potential disruption to lessons.
It's up to you what 'second factor' you'd like to use, but there are a range of available options:
Phone prompt - You'll get a notification on your phone each time you log in to a new device, asking you to approve it.
USB Security Key - The IT Dept will issue you a personal USB security key, which you'll need to insert into the device if prompted.
Authenticator App - An app on your phone will generate a security code, which will need to be entered into the Google login screen when prompted.
We would recommend using either the phone prompt or USB security key methods, as they tend to be fastest. You can read more detail about each of the methods here.
How do I set this up?
Step 1
Visit the link below to see the 2FA options for your account:
https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome
You'll be asked to re-enter your password to verify that it's you. You will then see the above screen. Click the 'get started' button.
Step 2
You'll be presented with the above page. By default, Google will try to get you to enter a phone number. You do not need to do this - just click the 'Show more options' text to see other possibilities. Select the method you'd like to use as your second factor, and the page will show the relevant instructions.
Step 3
Once you've followed all the instructions, that's it! You'll be presented with a final screen that will confirm the actions you've just completed, and allow you to add another factor if you wish.
Video Guide - Setting up a USB Security Key
If you need further help with this process, please contact itsupport@cherwellschool.org.