What is MFA?
MFA stands for "multi-factor authentication". It is a process used to confirm the person logging in is authorized to have access to the account. MFA will ask for a username, password, and 1 additional verification factor. The purpose of MFA is to help protect users against identify theft, cyber attacks, etc.
Multifactor Authentication may also be referred to as "2 -Factor Authentication", "2 -Step Authentication", or "2 -Step Verification. You are likely already using MFA when accessing online banking, credit card accounts, apps like PayPal, and so on. The purpose is to add an additional layer of security to your accounts.
Who and When?
MFA will be required for all district staff when they use Office365 or Google credentials to access online resources: email, Infinite Campus, etc. MFA only applies when users are trying to access accounts off the school network such as at home or using cellular data. Users will not have to use MFA while connected to the district network.
Multi-factor Authentication Options
Montgomery County Schools has 3 authentication options:
Text Message
Phone Call
Authentication App
Why MFA?
MFA will enhance security by requiring more than a username and password for identification. Usernams and passwords can be compromised leading to data breaches, ransonware, and other security incidents.
Kentucky K12 is taking these steps because:
Education is BY FAR the most aggressively attacked for multiple reasons:
Significant funding over the last 2 years which immediately drew the attention of cyber-criminals.
K12 staff are very service-oriented and generally not as familiar with security controls which makes them easier targets
82% of breaches are due to people giving up/losing/being tricked out of passwords
Phishing is at an all time high. Cyber-criminals are becoming more sophisticated and better at tricking people into sharing personal information, passwords, buying gift cards, clicking on ransomware, etc.