Google 2-Factor Authentication (2FA)

In recent years, we’ve witnessed a massive increase in the number of schools, businesses, and government agencies falling victim to cybercriminals. As cybercrimes get more sophisticated, institutions like ours are finding their old ways of managing who gets access to important information are no match for modern threats and attacks. Simply put, usernames and passwords are no longer sufficient in protecting our personal and professional information. Consequently, Garnet Valley is requiring all employees and high school students (beginning 2022-2023 school year) to use Google’s 2-Factor Authentication (or 2-Step Verification) to secure their school-issued email accounts. Any staff account that has not completed 2-Step Verification enrollment within 1 week will be locked out of their account & need to contact their school’s Tech Support personnel to reset their access.

 

What is two-factor authentication?

Two-factor authentication adds a second layer of protection during the login process. Currently, your Google login is tied to “something you know” (your password). Two-factor authentication adds the second layer of “something you have” (typically your cell phone but it can also be a temporary code). Even if a password is guessed, phished, or otherwise stolen, an attacker can't sign in without the verification code.

You most likely already have experience using two-factor authentication with online banking or online shopping accounts, so enabling it within Google may not be a new experience. However, if you would like assistance with setting up two-factor authentication, please contact your school's Technology Support person.

Why are we implementing two-factor authentication?

Our cyber insurance provider's requirements for our organization are driven by an ongoing review of what security-related best practices are appropriate.  The following changes are motivating factors in our cyber insurance provider requiring the Garnet Valley School District to implement two-factor authentication. Times are changing and hackers are finding new and creative ways to acquire user passwords; they can buy lists of usernames and passwords on the dark web, they can use social engineering and email phishing tactics to steal passwords, they can use something called “dictionary attacks” as a brute force method to guess weak passwords. Adding a second form of verification dramatically decreases the likelihood of your account being compromised.

How often will I need to use two-factor authentication?

Once you authenticate and complete two-factor authentication on your phone or other devices you will have the option to “Remember this device”. From that point forward, Google will not prompt you to perform two-factor authentication on that device unless you clear your browser’s cache, change your password, or if Google suspects that your account has been breached.

The video above (2:06) is from PC Magazine and provides a summary of why two-factor authentication is important.

The video above (6:33) was created in another district but provides an excellent tutorial on how to enable Google’s 2-Step Verification on your account.

 

How do I turn on 2-Step Verification?

When you enable 2-Factor Authentication (also known as 2-Step Verification), you add an extra layer of security to your account. You sign in with something you know (your password) and something you have (like a code sent to your phone).

To set up 2-Step Verification:

  • Go to the 2-Step Verification page. You will be prompted to sign in to your GVSD Google Account.

  • Click Get started. (Have a phone nearby.)

  • Follow the quick step-by-step setup process.

Once you're finished, you'll be taken to the 2-Step Verification settings page. Review your settings and add backup phone numbers. The next time you sign in, you'll receive a message with a verification code. You also have the option of using a Security Key for 2-Step Verification or a variety of other alternative second steps. We recommend you choose at least one alternative option.

 

FAQ’s

  • If you do not wish to use your personal cell phone, you can use backup codes and other methods to sign in. We recommend you store your codes wherever you keep your other valuable items. See Use 2-Step Verification Without Your Phone (2:26) for more information.

  • You will need to enter a new code every 30 days or after deleting your web browser's cache. On the sign-in page click the option to "Remember verification for your computer" on your computer, and you won't have to re-enter your code for 30 days. Do not select this option for a public computer, such as a shared computer in a library or office.

  • Students in grades K-8 have restricted email access and cannot send or receive emails from outside of Garnet Valley. However, because high school student emails are less restricted than those in the earlier grades, the district feels 2FA is an important security layer to protecting student information.