How to set up two-step verification for login

What is it?

Two step verification is an extra layer of security on top of a username and password combination. It works on the basis that the system requires 'something you know' (such as a password) AND 'something you have' on your person. So simply finding out a password and username will no longer enough to hack into an account. In Pupil Asset, using Two Step Verification works in the following way:


1) A user will log in in as normal - by visiting https://secure.pupilasset.com
2) Username and password is entered
3) A six digit code will be sent by text message to the mobile phone number held in that member of staff's record
4) The staff member will be prompted to enter the code before gaining access to the system
5) That code will last until midnight that day

Steps to remember before switching on

Firstly, you may need to consider your school's policy on mobile phones for teachers. Without their mobile phone available, the code will be rendered useless and the user unable to log in. Secondly, if there is no mobile phone number saved in that member of staff's record, they will not be able to receive the code and consequently not able to log in. Thirdly you may have staff members who's mobile phone reception is poor. This could also stop them receiving the code.


How to I switch it on

Simply navigate to Admin > School Options > Security and switch Two Step Verification on.


FAQs

Why can't you email the codes? - Because if the user is logged into their email (likely), a hack would be as simple as reading the code from the email inbox.  
Why do you have to text mobiles? - We need something that the user is always going to have to hand.
But we don't allow mobiles on site - Then unfortunately this step isn't for you. Dropbox, Google and other large companies do their second step authentication in this way; it is common practice.  
Can we have a dongle instead? - Unfortunately, this is not supported. 
Why only send one text per day? Swapping between lessons, rooms, computers would be extremely inconvenient (and our text bill would go through the roof!).
Will this protect us from everything? - No. You still need to be vigilant and sensible, but it will reduce the likelihood of hackers gaining access to your data


Further Reading

http://en.wikipedia.org/wiki/Two_factor_authentication
http://www.brighthub.com/internet/security-privacy/articles/128742.aspx

Explore this section

Related pages

For an instant idea of cost, use our simple widget tailored to your needs.

CALCULATE COST