Multi-factor Authentication (MFA)

Multi-factor Authentication (MFA) is an extra layer of protection that makes it more difficult for someone else to log into your Hilliard City Schools Email Account. By using MFA, you help protect your personal information, as well as sensitive and confidential Hilliard City School resources and data.

What is MFA

Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.

What is DUO?

Duo is a two-factor authentication system/app that can be integrated with websites, VPNs and cloud services. The service can be set to work in conjunction with smartphones, personal computers, land lines and security tokens.

 

Read More

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. Two-factor authentication increases the security of online communications by making it harder for a hacker to masquerade as an authorized user. Duo’s authentication factors are the user name and password (something the user knows) and a device (something the user has). A hacker may be able to steal or guess the user name and password but without verification from the user’s device will not be able to use the login information.

Here’s an example of how Duo’s two-factor authentication works: A website user logs into his account and accepts the option to sign up for the service. When he visits the site next he enters his username and password as usual. Duo sends a message to the smartphone or other device associated with that account; the response verifies the user’s identity.

Duo two-factor authentication methods:

  • One-tap authentication using Duo’s mobile app.
  • One-time passcodes (OTP) generated by Duo’s mobile app.
  • One-time passcodes delivered to any SMS-enabled phone.
  • Phone callback to any phone.
  • One-time passcodes generated by an OAuth-compliant hardware token.

Download from one of these two options.

MFA Resources

If your phone or iPad stops loading email on the Mail app after setting up MFA, you may need to re-authenticate.

  • Go to Settings/Mail/Accounts/Exchange and re-enter your password.
  • If that does not fix the issue, you may need to delete the account and setup Exchange email again.
  • To delete your Mail Account go to Settings > Mail > Accounts > Tap your School Account > Delete Account > if prompted, no need to save anything.
  • Then follow these setup instructions.

 

What is MFA?

A. Multi-factor authentication is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login. Typical factors could include something you know (like a password), something you have (like a phone), or something you are (like your fingerprint).

B. MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the physical space, device, network, or database.

Why do we have to do MFA?

  1. Unfortunately, 88 percent of all data breaches are caused by an employee mistake and the most common issue is the user gives up their username/password through some type of an interaction with a hacker
  • Phishing – logging into a page that is not actually the authentic site.
  • Writing Username and or Password down.
  • Giving their Username and or Password to someone else. 

Multi-factor authentication places a second method of authentication in place to keep the hacker from getting into district systems.

2. Hackers use a variety of tools to monitor, collect and steal user passwords making it the easiest way to gain access to computer systems.  Adding MFA

 Adding MFA places a second barrier up to keep hackers out of your accounts/systems.

What MFA options exist for staff users

A. MFA options for Staff with a district device

    1. iPad – Duo app Push notification or Code
    2. Smartphone – Duo app Push notification or Code
    3. Biometric on laptop – fingerprint reader
    4. If Staff only get a laptop without a fingerprint reader, they will need to use their smartphone or keyfob. 

B. MFA options for Staff without a district device

  1. Smartphone – Duo app Push notification or Code
  2. Duo key fob (if they don’t want to use phone)

C. MFA does not work on:

    1. Fingerprint reader on Safari, it only works on laptop only in Chrome

What will MFA affect and how often do I have to do MFA?

  1. On Webmail – MFA every time
  2. On the Outlook client – TBD
  3. On the Outlook app – TBD
  4. On the mobile device Mail account including Calendar and Contacts- TBD
  5. Internet Account on the Mac – System Preferences. Using Exchange for Contacts- TBD
  6. VPN – MFA every time

Can I setup MFA on my desktop in my office?

No, MFA needs to be on one of the choices above.  The Duo app doesn’t work on the desktop. In addition, since you can’t take your desktop with you, you wouldn’t be able to get into email in any other location, school, computer, etc.

As a means to help our district be more secure against cybersecurity attacks, Multi-factor Authentication (MFA) will be turned on for most staff from Nov. 29 – Dec. 9. When started, all users will need to use MFA to access their district email.

At a later time, other systems like VPN, eFinance, etc. may require user’s to use MFA to access these resources.

Dates
11/15
  • Ed. Tech. Team will send Duo pre-enrollment message (including step-by-step instructions) to building staff.
11/16
  • Duo pre-enrollment is activated for all staff around 10am. Duo enrollment emails (from no-reply@duosecurity.com) are sent to building staff.
11/16 to 11/22
  • Ed. Tech. Team members will provide building support sessions.
11/28
  • First building rollout of MFA to occur at Beacon Elementary.
11/29 to 12/9
01/2023
  • Others to join MFA (January rollout)
  • Transportation
  • Operations
  • Outside Vendors
Feb 2023
  • MFA will be applied to all VPN (Virtual Private Network) connections.
Skip to content