As part of the work that we are doing to address the growing number of cybersecurity concerns at my school we are requiring 2 factor authentication for all employees using our Google accounts.
The GSuite of tools are being using throughout the school and a number of third-party services are leveraging these credentials for their own authentication methods.
This move, along with others which I will detail in future posts, are just some steps we are taking to better secure our user, our data and our school.
When rolling this out in person training, detail instructions and support is needed. With all of this there always some things that unexpectedly pop-up and here are three that did for us and suggestions for solving them:
- To many verification prompts – Some of our employees reported that they were getting multiple prompts on the same machine for a verification code. When logging in be sure to check the box for “Don’t ask again on this computer”.While the message indicates that it will cover the computer, you may be asked if you switch browsers or use an application like Apple Mail. If prompted and have this options be sure to check the box.
- “I don’t always have my phone on me.” – A number of employees say that they don’t always have their phone/device on them to receive the codes. If they are in the middle of lesson this can severely disrupt learning.My suggestions to these employees are to download a set of backup codes and keep them in a file on the desktop of their computer. Google provides 10 unique codes for use when you phone/device isn’t available to you.The codes can be found by logging into you Google account and navigating to Account—>Sign-In & Security—>Two Step Verification—> Backup Codes and clicking the link to get the codes.
- “I don’t have phone coverage in my classroom/office/building.” – I don’t know about you, but my school wasn’t built with mobile phones in mind. We often refer to our buildings a bunkers and find employees huddled in spots in the building when they need to use their personal phones to make a call.Depending on the make and model of your device you can enable WiFi Calling. This does require and assume that you allow your employees to put their personal devices on your school’s network, but with this turned on it will all them to use the wifi network as a bridge to make and receive phone, text and data messaged. Meaning they can get their codes.On an iPhone you can see if this is supported by going to Settings–> Cellular–> WiFi Calling.
These are just a few of the things that have come up for me during the initial phases of deploying 2 factor authentication at my school. I will be sure to post more on this and our cybersecurity efforts going forward.
If you have any thoughts or stories to share please do so in the comments below.
