An introduction to Two Factor Authentication
SIMS ID introduces Two Factor Authentication.
SIMS ID is providing the option to enable Two Factor Authentication (2FA) for all or some of your users.
What is Two Factor Authentication?
In today's world of increasing access to services and data via a single login, it is necessary to consider the risk of a username and password becoming known to a third party. With standard security procedures (especially online) only requiring a simple username and password it has become increasingly easy for unauthorised people to gain access to a user's private data such as email or personal files.
With an increasing amount of pupil data being accessed online SIMS ID gives you the option to apply additional security to the services that you use through SIMS ID such as your e-mail or access to Hosted SIMS or SIMS Primary.
How does it work?
Two Factor Authentication, also known as 2FA, two-step verification or TFA (as an acronym), is an extra layer of security that is known as "multi-factor authentication" that requires not only a password and username but also something that only that user possesses, i.e. a piece of information only they should know or something that they have immediately to hand - such as a physical token.
Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person's personal data or identity.
Two Factor authentication is something you will be familiar with for securing your Online Banking. It is now increasingly common for service providers and social media companies to allow you to enable Two Factor Authentication when accessing your account details.
What Additional Authentication Factors will SIMS ID accept.
SIMS ID will initially support two methods of Two Factor Authentication
Random Characters from a Passphrase
You will be asked to provide an Additional Passphrase. On authentication, you will be asked to provide three characters from this Additional Passphrase in addition to your username and password.
For example, you may have set a passphrase of V0ldeM0rtshallNOTBnamed
When authenticating you may be asked for characters 4,7&12 which in this case is 'd','0'&'a'
Authenticator App.
There are a number of Authenticator Applications that can be installed on mobile devices.
SIMS ID recommend Google Authenticator for iOS and Android devices and Microsoft Authenticator for iOS and Windows based mobile devices. The links below will help you to download an Authenticator App.
I have an iOS (Apple) Device
Download Google Authenticator from the ITunes App Store or Download the Microsoft Authenticator App from the ITunes App Store
I have an Android Device
Download Google Authenticator from the Google Play Store Or Download Microsoft Authenticator from the Google Play Store
I have a Windows Mobile Device
If you have a Windows Phone then you will need to download the Microsoft Authenticator App from the Windows App Store
Before you can use Two Factor Authentication
There are some things that you and your Site Administrator need to do before you can use Two Factor Authentication.
Site Administrators need to...
Enable Two Factor Authentication for your site.
This has to be done by a Site Administrator.
Full details on Enabling Two Factor Authentication for your site will be available shortly.
When enabling Two Factor Authentication for a site it can be enabled for * all users* or just for some users. An effective from date can also be set to allow users to prepare for Two Factor Authentication.
Users need to
Set up your Security Questions.
To use Two Factor Authentication through SIMS ID you will need to have set five security questions. You may have already set these to enable Password Self Recovery. You can do this at any time by clicking the Set Security Questions option in SIMS ID.
These questions are not used as part of the Two Factor Authentication process but are needed in case you have a problem with Two Factor Authentication once it is enabled.
Enable a Two Factor Authentication method.
You will need to either Set up an Additional Passphrase - Information on how to do this will be available soon.
or
Set up an Authenticator Application - Information on how to do this will be available soon.