Data Protection – Multifactor Authentication

Home KB Home Staff Data Protection – Multifactor Authentication

Preface

Multifactor Authentication (MFA) protects your account from external access if your password becomes compromised. The process works through verifying you login attempt via a mobile app. The app can be installed on any mobile device and is available on Staff iPads. If your account password is compromised, a unauthorised user would also need access to your mobile device to be able to login to your account.

This sounds time consuming

Whilst some initial setup is involved, once you have signed into a device that you trust, you can set a 60 day exception from further prompts to use MFA. Devices on the school network will not prompt you for MFA codes, so you will only need to do this on devices you use outside the school network. With so many vectors that attackers use now to compromise a users passwords, MFA has become a necessity to keep school data secure.

Is there really a big risk?

Specially crafted websites (e.g. websites designed to look like official login pages) can trick you into entering your username and password. These details are then recorded and sold via criminal networks to anyone prepared to bid on them. The risk unfortunately is real. If you don’t do so already, it is worth looking into how you can setup Multifactor Authentication / 2 Factor Authentication on services you use in your personal life. Websites such as Amazon, eBay, Outlook.com, Gmail support MFA / 2FA.

Getting the App for your personal mobile device

The store links below will give you the correct app for your device:

Setting up MFA for the first time

Step 1: When you login to a MFA protected school service on a computer that is outside of the schools network, you will be prompted to setup MFA.

Step 2: Select “Mobile App” and then check the “Receive Notifications for verification”. Then click “Set up”

Step 3: A QR code will be shown which you will use via the Authenticator app

Step 4: Open the authenticator app on your staff iPad or mobile phone and tap “Add account”

Step 5: Select “Work or school account”

Step 6: The app will then want to scan the QR code

Step 7: A connection will now be attempted between Office 365 and the authenticator app. A prompt to approve will appear on the app. Tap “approve”

Step 8: Click “Finished” to complete the process.