An introduction to Two Factor Authentication
- 1. What is Two Factor Authentication?
- 2. How does it work?
- 3. What Additional Authentication Factors will SIMS ID accept.
- 4. Before you can use Two Factor Authentication
- 5. What happens when a user logs in after Two Factor Authentication has been enabled?
- 6. You may also be interested in...
SIMS ID introduces Two Factor Authentication.
SIMS ID is provides the option to enable Two Factor Authentication (2FA) for all or some of your users.
In today's world of increasing access to services and data via a single login, it is necessary to consider the risk of a username and password becoming known to a third party. With standard security procedures (especially online) only requiring a simple username and password it has become increasingly easy for unauthorised people to gain access to a user's private data such as email or personal files.
With an increasing amount of pupil data being accessed online SIMS ID gives you the option to apply additional security to the services that you use through SIMS ID such as your e-mail or access to Hosted SIMS or SIMS Primary.
Two Factor Authentication, also known as 2FA, two-step verification or TFA (as an acronym), is an extra layer of security that is known as "multi-factor authentication" that requires not only a password and username but also something that only that user possesses, i.e. a piece of information only they should know or something that they have immediately to hand - such as a physical token.
Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person's personal data or identity.
Two Factor authentication is something you will be familiar with for securing your Online Banking. It is now increasingly common for service providers and social media companies to allow you to enable Two Factor Authentication when accessing your account details.
SIMS ID will initially support two methods of Two Factor Authentication
You will be asked to provide an Additional Passphrase. On authentication, you will be asked to provide three characters from this Additional Passphrase in addition to your username and password.
For example, you may have set a passphrase of V0ldeM0rtshallNOTBnamed
When authenticating you may be asked for characters 4,7&12 which in this case is 'd','0'&'a'
There are a number of Authenticator Applications that can be installed on mobile devices.
SIMS ID recommend Google Authenticator for iOS and Android devices and Microsoft Authenticator for iOS and Windows-based mobile devices. The links below will help you to download an Authenticator App.
Download Google Authenticator from the ITunes App Store or Download the Microsoft Authenticator App from the ITunes App Store
If you have a Windows Phone then you will need to download the Microsoft Authenticator App from the Windows App Store
There are some things that you and your Site Administrator need to do before you can use Two Factor Authentication.
This has to be done by a Site Administrator.
Full details on Enabling Two Factor Authentication for your site.
When enabling Two Factor Authentication for a site it can be enabled for * all users* or just for some users. An effective from date can also be set to allow users to prepare for Two Factor Authentication.
To use Two Factor Authentication through SIMS ID you will need to have set three security questions. You may have already set these to enable Password Self Recovery. You can do this at any time by clicking the Set Security Questions option in SIMS ID.
These questions are not used as part of the Two Factor Authentication process but are needed in case you have a problem with Two Factor Authentication once it is enabled.
You will need to either Set up an Additional Passphrase
Set up an Authenticator Application
Set up an Additional Passphrase as a Two Factor Authentication Method
Set up an Authenticator Application as a method of Two Factor Authentication
Sometimes it is necessary for a site Administrator to reset a user's Two Factor Authentication settings so they can reset them this may be necessary if they have lost their mobile device. Instructions for a Site Administrator reset of a user's Two Factor Authentication Setting