Multi-Factor Authentication (MFA)

Written by Christopher Lee

Last published at: August 9th, 2023

Overview

Account Security measures are becoming more and more important in every facet of ones digital presence.  

Educational institutes are being targeted more and more mostly because of the following:

  • Large amounts of data (student\parent\staff)
  • Many possible ways to access part of all data
  • Limited resources\training to prevent attacks\compromises

As result many insurance companies that provide Cyber Insurance are requiring systems to be protected by multi-factor \ 2-factor authentication (MFA\2FA).  

You may have encountered MFA when your online bank texts or emails you a code to enter for verification.

What is MFA?

What is Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is the process of using items from different sources to validate one's identity or account. Common sources include: 

  • Something you know: like a password or Personal Identification Number (PIN); 
  • Something you have: like a smart card, mobile token, or hardware token; and, 
  • Some form of biometric factor (e.g., fingerprint, palm print, or voice recognition). 

MFA Summary 


Analogy Time 

   Imagine you have a safe at home with lots of valuable possessions inside. The safe is protected with a code (something you know), which provides one layer of security. But let’s say someone gets a hold of that code. They can use it to open the safe. 

    Let’s say that in addition to a code, you also needed another element to open the safe ­– maybe a key (something you have) or fingerprint scanner (biometrics) . The fact that you need those additional steps to open the safe makes it more difficult for anyone else to open it.

 
 
 
 

Students / Parents

Not on road map

Currently there is no plan to force MFA on student\parent accounts.

 
 
 

Staff / Contractors

Authenticator App users

If choose to use an authenticator app any action that breaks/remove (ie: removing app, new phone) the registration between authenticator app and Microsoft will require it to be re-registered (contact Helpdesk to clear in valid registration)

 

 

MFA User Settings - Setup

To properly use MFA you will need to have at least one sign-in method setup.

E-mail

You may find an appleid.shakopeeschools.org email registered.  You may remove this and enter a personal address if desired.

 

 

To setup sign-in methods visit MFA Portal either via 365 - MFA Portal located in Employee Self Service of ClassLink LaunchPad or at http://aka.ms/mfasetup.

  1. Click “Add Sign-In Method”
  2. Select desired method to setup and complete prompts
  3. Once at least one method configured select desired default sign-in method
    1.  
      This will vary depending on what methods are setup. 
      App based authentication is more secure then call/text.

Resources:

 
 

MFA FOB usage

When prompted for MFA code during account sign in press display button on your issued FOB to display the 6 digit code.

Code is good for 60 seconds. Doughnut in right indicates remaining life of the code, each section is 10 seconds.

 
 
 
 

Vendors

Implementing

Goal is by mid-school year ‘23-’24 all vendor accounts will be MFA'd

 
 
 

FAQ

I deleted the authenticator app and now unable to verify.

You will need to contact Helpdesk to:

  • Remove invalid authenticator registration and allow you to re-register authenticator app.
  • Issue temp pass code
 
 

I got a new phone and now authenticator isn't valid.

You will need to contact Helpdesk to:

  • Remove invalid authenticator registration and allow you to re-register authenticator app.
  • Issue temp pass code
 
 

I am not in building and cannot get confirmation call on desk phone.

You will need to contact Helpdesk to either:

  • Issue temp pass code have either remove 
  • Add additional phone #