What is Two-factor authentication?
MFA (multi-factor authentication) or 2FA (two-factor authorisation) means using two or more factors to verify a user’s identity before granting access to a system or service. The factors are usually classified into three categories:
- Something you know, typically a password, a PIN, or a security question
- Something you have, such as a smartphone, a tablet, or a physical token
- Something you are, such as a fingerprint, a face scan or an iris scan
By using 2FA, you can add an extra layer of security to your accounts and prevent unauthorised access in case your password is compromised or stolen.
Schools and organisations may choose to apply 2FA to teachers or older students (or any users) to create an additional layer of security, or to comply with security requirements for, for example, Cyber Essentials accreditation. However, 2FA presents a challenge to school and learning environments where users do not have mobile devices, or cannot use them in lessons. MyLogin solves this issue with our unique 2FA offering.
How does 2FA work in MyLogin?
MyLogin takes advantage of our range of log in methods to support 2FA. Using a combination of password (something you know) and Magic Badges (something you have) we can offer 2FA to your users.
Users with 2FA applied will be asked to input their username and password and then will be asked to show their second factor - their unique badge. If they try to log in through another method (for example emoji passwords) they will be redirected to the 2FA pathway (password then badge).
MyLogin - 2FA Demo - Watch Video
2FA can be applied by an admin on a per user basis, across your organisation or on a group by group basis.
To apply 2FA to an individual user navigate to Users > Overview and search for or click on the user you want to apply 2FA to
Clicking on the user will open the user modal
Select the Two Factor tab
Toggled the enable button on
To remove 2FA from a user follow the steps above and toggle button to disable
Applying 2FA to users in bulk
To apply 2FA to users in bulk - navigate to Users > Overview here you can either Select All tick a selection of users you want to apply 2FA to
alternatively you can filter by classes/groups/years using the Filter button
Then select the groups you want to filter your users to
Click Select All then click 2FA for the list of options
Select enable. Repeat the process to remove 2FA and select dsiable
Users who have had 2FA applied will show a green shield in the 2FA column on the users overview
FAQs
What happens if a user forgets their password or badge?
In the classroom teachers can provide a 5 digit PIN for a student user to grant them temporary access to their account. These PINs expire after 8 hours and should allow the user access for the day and time to reset their password, recover their badge or have a new one generated by an admin. Alternatively an admin can help reset their password or generate a new badge.
Can I exclude specific users from 2FA or apply it to certain groups?
Yes, 2FA can be applied by an admin on a per user basis, across your organisation or on a group by group basis. Individual users from groups can be excluded.
Does 2FA apply to admins?
As admins are likely to be operating in an office environment, rather than the classroom, we offer 2FA for admins with the second factor being supplied by an authenticator app on a mobile device. This can be turned on or off for all admins, we recommend turning it on for admins due to their increased level of access.
Does 2FA apply to both MyLogin and MyLogin Lite?
Yes, 2FA can be applied to users regardless of which product you are using.
Can user make use of the emojis passwords for 2FA?
Emoji passwords are not part of the 2FA offering as it is aimed at older students. Users that are of an age where they are using emoji passwords should not need 2FA applied to their account.
Comments
0 commentsPlease sign in to leave a comment.