Two Factor Authentication
This guide is intended for use by all employees of PLC Armidale who are granted access to electronic services via a PLC Armidale account. This guide explains the purpose of two factor authentication (referred to herein as 2FA), the reasons for requiring 2FA and the steps to enable 2FA on a school account.
What is 2FA/MFA?
Traditionally IT systems have been protected by key pieces of information. For a majority of systems this is a user identifier (such as a username or email address) and a password. While passwords were initially a secure way of protecting an account through use of encryption technologies and password rules, advances in computing power has shown that even complex passwords are being brute forced or hacked in shorter and shorter timeframes. Longer and more complex passwords can help hold an attack off but a determined attack will eventually gain access to an account. Phishing attacks where an attacker can trick a user into providing their secure credentials are another popular source of data - who has been advised that Australia Post has a parcel for them and all you have to do is click a link?
Multifactor authentication provides an extra layer of security by requesting two or more forms of identification to gain access to an account. Typically this involves a combination of something you know (a PIN number or security question), something you have (a card or token) or something you are (fingerprint or other biometric). For a majority of users a rolling PIN number via SMS or authenticator apps are the most common forms of multi factor authentication, such as those you see accessing government websites or your online banking. By requiring this second form of identity the chances of unauthorised access are reduced as it is less likely that both forms of identification will be available.
Why are we enabling it?
As an educational institution the College holds a large amount of very sensitive data about students and staff. It is deemed important that this data is protected as best we can through good IT security procedures and any additional security measures we can implement. 2FA is a facility built into our single sign on provider that can provide additional protection to all of our accounts. Enabling two factor authentication is a requirement of having a staff account at PLC Armidale.
How does it work for me?
2FA is configured on PLC Armidale accounts to only require authentication when a device is not connected to the school network. Note this is not location based, a device using a hotspot will still prompt for an authentication code onsite. The exact steps will differ depending on what app you are using but the process is as follows:
You will see the regular log in screen on your device (laptop, desktop, tablet or phone)
After entering your correct password a new screen will appear asking you to either:
- Enter a code generated by the Authenticator app, or:
- Approve the access requesting the Cloudwork app on your mobile device.
There is also an option to remember this device for a preset amount of time prior to requiring a new token.
Once permission is granted you will be able to access the required services.
Click on one of the below options to access the set up and usage guide