What is Two Factor Authentication?
2FA (two-factor Authentication) means using two factors to verify a user’s identity before granting access to a system or service. The factors are usually classified into three categories:
- Something you know, typically a password, a PIN, or a security question
- Something you have, such as a smartphone, a tablet, or a physical token
- Something you are, such as a fingerprint, a face scan, or an iris scan
By using 2FA, you can add an extra layer of security to your accounts and prevent unauthorised access in case your password is compromised or stolen.
Schools and organisations may choose to apply 2FA to teachers or older students (or any users) to create an additional layer of security, or to comply with security requirements for, for example, Cyber Essentials accreditation. However, 2FA presents a challenge to school and learning environments where users do not have mobile devices, or cannot use them in lessons. MyLogin solves this issue with our unique 2FA offering.
How does 2FA work in MyLogin
MyLogin takes advantage of our range of log in methods to support 2FA. Using a combination of password (something you know) and Magic Badges (something you have) we can offer 2FA to your users.
Users with 2FA applied will be asked to input their username and password and then will be asked to show their second factor - their unique badge. If they try to log in through another method (for example emoji passwords) the will be redirected to the 2FA pathway (password then badge).
They can also choose to use their Magic Badge first, after which they will be directed to the username/password pathway to authenticate and gain access.
How do I apply 2FA to my users
2FA can be applied by an admin on a per user basis, across your organisation or on a group by group basis. 2FA settings for users are found inside your users dashboard.
To set for an individual, select the users, and navigate the the 2FA section and toggle on
Too apply to a group - filter your users by the group you want to enable for and select all, 2 Factor Authentication and Enable.
FAQs
What happens if a user forgets their password or badge?
In the classroom teachers can provide a 5 digit PIN for a student user to grant them temporary access to their account. These PINs expire after 8 hours and should allow for a user access for the day, allowing them time to reset their password, recover their badge or have a new one generated by an admin. Alternatively an admin can help reset their password or generate a new badge.
Can I exclude specific users from 2FA or apply it to certain groups?
Yes, 2FA can be applied by an admin on a per user basis, across your organisation or on a group by group basis. Individual users from groups can be excluded
Does 2FA apply to admins?
As admins are likely to be operating in a office environment, rather than the classroom, we offer 2FA for admins with the second factor being supplied by an authenticator app on a mobile device. This can be turned on or off for all admins, we recommend turning it on for admins due to their increased level of access.
This feature is turned on in the "Account" section of the Settings page in your MyLogin admin portal.
Does 2FA apply to both MyLogin Device and MyLogin SSO?
Yes, 2FA can be applied to users regardless of which product you are using.
Can users make use of the emojis passwords for 2FA?
Emoji passwords are not part of the 2FA offering.
Comments
0 commentsPlease sign in to leave a comment.