Multi-factor Authentication (MFA)
Multi-factor Authentication (MFA) is an extra layer of protection that makes it more difficult for someone else to log into your Hilliard City Schools Email Account. By using MFA, you help protect your personal information, as well as sensitive and confidential Hilliard City School resources and data.
What is MFA
Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.
What is DUO?
Duo is a two-factor authentication system/app that can be integrated with websites, VPNs and cloud services. The service can be set to work in conjunction with smartphones, personal computers, land lines and security tokens.
Read More
Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. Two-factor authentication increases the security of online communications by making it harder for a hacker to masquerade as an authorized user. Duo’s authentication factors are the user name and password (something the user knows) and a device (something the user has). A hacker may be able to steal or guess the user name and password but without verification from the user’s device will not be able to use the login information.
Here’s an example of how Duo’s two-factor authentication works: A website user logs into his account and accepts the option to sign up for the service. When he visits the site next he enters his username and password as usual. Duo sends a message to the smartphone or other device associated with that account; the response verifies the user’s identity.
Duo two-factor authentication methods:
- One-tap authentication using Duo’s mobile app.
- One-time passcodes (OTP) generated by Duo’s mobile app.
- One-time passcodes delivered to any SMS-enabled phone.
- Phone callback to any phone.
- One-time passcodes generated by an OAuth-compliant hardware token.
Download from one of these two options.
Set up Instructions for HCSD Staff
Prior to beginning enrollment, we recommend you make sure the [Duo Mobile] App is installed on your Smartphone or tablet and your device operating systems are up to date. If you are using a district assigned iPad, we have placed the Duo app in Self Service.
For HCSD staff members who do not have a district assigned device and are not able to use their smartphone, the tech department will assist you with a Security Key setup. Please let your Edtech Coach/Innovation and Discovery Specialist know so they can add you to a list for issuance of a security key fob.
OPTION 1.
QUICK setup Instructions
Setting up DUO quick guide.
OPTION 2.
Full Step by Step Instructions
Step 1 - Installing Duo Mobile
Install the Duo Mobile app. Note that the icon for Duo Mobile in the App or Play Store displays the Duo logo with a green background.
Do not select the Google Duo app (by Google LLC) for making video calls.
The app requires the following permissions to work appropriately:
- Allow notifications for the use of Duo Push or Passcodes
- Allow access to the camera, as you will need to scan a QR Code to complete enrollment.
Step 2 - Starting on your Computer or Laptop
Starting on your laptop or computer, and using Google Chrome or the Outlook client, log into your hboe.org email account, open the email that came from Duo Security (no-reply@duosecurity.com) inviting you to set up your Duo account. Click the blue link in this email to begin the enrollment process.
Click through the information screens on the page.
Skip the Duo Device Health screen
Step 3 - Duo Mobile app and Duo Push notifications or Passcodes
The HCSD Tech Dept recommends your initial method to be a mobile device that uses the Duo Mobile app and Duo Push notifications or Passcodes.
Next you may enter your phone number if you are using your phone, or you may select [I have a tablet] if you are using your iPad.
Touch ID (macOS with Chrome) may be selected as a secondary option. You will have a chance to make a secondary selection later.
For HCSD staff members who do not have a district assigned device and are not able to use their smartphone, the tech department will assist you with Security Key fob set up. Please attend a support session for guided assistance and issuance of a security key fob.
Step 4 - Mobile Device set up
When you are sure the Duo Mobile app has been installed on your phone or tablet click Next.
Step 5 - Setup account: Entering your Phone Number
Setup account – enter your phone number if using your phone or choose “I have a Tablet” if using your iPad.
Touch ID (macOS with Chrome) may be selected as a secondary option. You will have a chance to make a secondary selection later.
For HCSD staff members who do not have a district assigned device and are not able to use their smartphone, the tech department will assist you with Security Key fob set up. Please attend a support session for guided assistance and issuance of a security key fob.
Step - 6 Duo Mobile app has been installed on your phone or tablet
When you are sure the Duo Mobile app has been installed on your phone or tablet click Next.
Step 7 - Use QR code
Choose – Use QR code – a QR code should appear on your computer screen
- Now, open the Duo Mobile app on your device, be sure to allow Notifications and the Camera.
- Choose Set up account
- On the Link your account screen, choose ‘Use a QR code’
- Use your phone or tablet to scan the QR code on the computer screen.
- On the Name your account screen, tap ‘Next’
Step 8 - The account ‘Hilliard City Schools
The account ‘Hilliard City Schools’ should populate the account name field automatically, change this to
- your name ( ie. firstname lastname )
then tap ‘Save’
Step 9 - When MFA is turned on for you
Hit ‘Skip’ on the Account linked screen. Do not ‘Practice now’
On the Almost there screen, tap ‘OK’ and go back to your computer and try to log into email again. (You may have to log in and out of email several times for the sync to finish)
Here’s what you should see when MFA is turned on for you:
1st
On your computer
(when logging into email)
2nd
On your Phone/iPad
Step 10 - Touch ID for Duo MFA
You have now finished the DUO enrollment process. Check back to your email from your IDS/Ed Tech Coach for your building’s enforcement date to begin using MFA/DUO to access your hboe email.
Step 11 - Adding other MFA devices/options
AFTER YOUR BUILDING TURNS ON MFA, you will have the opportunity to add other MFA devices/options including the fingerprint reader on a laptop.
* If you use Duo already (for another organization or university, etc.), you simply need to Add HCSD as an account. To do this, click through the above steps 1-7, then open the Duo app on your mobile device and tap Add+ in the top right and then tap Use QR Code. Proceed scanning the code on your computer and follow the steps to complete the setup process.
Quick set up guide
- Select your preferred MFA device type:
- A. Staff with a district device, may select your iPad or your phone
- B. Staff without a district device, you may select your phone or the district will provide you with a Duo Security key fob.
- On a laptop or desktop computer, using Google Chrome or Outlook client, open the email from Duo Security (no-reply@duosecurity.com) and click the link provided.
- Click through the instruction screens.
- On the Select an Option screen, choose Duo Mobile
- Enter your phone number if you are using a phone OR choose [I have a tablet] if using an iPad.
- If you selected your iPad or your phone, install the Duo Mobile app now from the App Store or Self-Service. (If you use Duo for another organization, see the footnote*)
- When QR code shows on your computer, open the Duo Mobile app on your mobile device (Make sure to allow Notifications and Camera use) and use this app to scan the code.
- Place your name in the Hilliard City Schools field.
- Finish through the screens to complete the setup. STOP HERE
- Now that you have finished enrolling, check your building’s enforcement date to begin using MFA/Duo to access your hboe email.
- AFTER YOUR BUILDING TURNS ON MFA, you will have the opportunity to add other MFA devices/options including the fingerprint reader on a laptop.
If you have a laptop with a fingerprint reader and want to use Touch ID for Duo MFA follow these steps.
MFA Resources
Technology Tips and Tactics for Keeping Digitally Safe in 2022!
MFA Troubleshooting Steps
- Fixing the exchange account on the iPad Mail app.
- How to switch the method of MFA.
- Safari does not support TouchID.
- I need to reactivate Duo Mobile.
- I have stopped receiving push notifications on Duo Mobile.
- I lost my phone.
- I am using Microsoft Internet Explorer and the Duo Prompt does not display correctly.
If your phone or iPad stops loading email on the Mail app after setting up MFA, you may need to re-authenticate.
- Go to Settings/Mail/Accounts/Exchange and re-enter your password.
- If that does not fix the issue, you may need to delete the account and setup Exchange email again.
- To delete your Mail Account go to Settings > Mail > Accounts > Tap your School Account > Delete Account > if prompted, no need to save anything.
- Then follow these setup instructions.
What is MFA?
A. Multi-factor authentication is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login. Typical factors could include something you know (like a password), something you have (like a phone), or something you are (like your fingerprint).
B. MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the physical space, device, network, or database.
Why do we have to do MFA?
- Unfortunately, 88 percent of all data breaches are caused by an employee mistake and the most common issue is the user gives up their username/password through some type of an interaction with a hacker
- Phishing – logging into a page that is not actually the authentic site.
- Writing Username and or Password down.
- Giving their Username and or Password to someone else.
Multi-factor authentication places a second method of authentication in place to keep the hacker from getting into district systems.
2. Hackers use a variety of tools to monitor, collect and steal user passwords making it the easiest way to gain access to computer systems. Adding MFA
Adding MFA places a second barrier up to keep hackers out of your accounts/systems.
What MFA options exist for staff users
A. MFA options for Staff with a district device
-
- iPad – Duo app Push notification or Code
- Smartphone – Duo app Push notification or Code
- Biometric on laptop – fingerprint reader
- If Staff only get a laptop without a fingerprint reader, they will need to use their smartphone or keyfob.
B. MFA options for Staff without a district device
- Smartphone – Duo app Push notification or Code
- Duo key fob (if they don’t want to use phone)
C. MFA does not work on:
-
- Fingerprint reader on Safari, it only works on laptop only in Chrome
What will MFA affect and how often do I have to do MFA?
- On Webmail – MFA every time
- On the Outlook client – TBD
- On the Outlook app – TBD
- On the mobile device Mail account including Calendar and Contacts- TBD
- Internet Account on the Mac – System Preferences. Using Exchange for Contacts- TBD
- VPN – MFA every time
Can I setup MFA on my desktop in my office?
No, MFA needs to be on one of the choices above. The Duo app doesn’t work on the desktop. In addition, since you can’t take your desktop with you, you wouldn’t be able to get into email in any other location, school, computer, etc.
As a means to help our district be more secure against cybersecurity attacks, Multi-factor Authentication (MFA) will be turned on for most staff from Nov. 29 – Dec. 9. When started, all users will need to use MFA to access their district email.
At a later time, other systems like VPN, eFinance, etc. may require user’s to use MFA to access these resources.
| Dates | |
| 11/15 |
|
| 11/16 |
|
| 11/16 to 11/22 |
|
| 11/28 |
|
| 11/29 to 12/9 | |
| 01/2023 |
|
| Feb 2023 |
|