FJUHSD Google 2-Step Authentication (rev. 2022)

There is significant talk in the educational community about “Cybersecurity”. Although this may seem like a new topic, cybersecurity, sometimes referred to as network security, has been and will always be a top concern among those tasked with connecting people to data. Managing network security is a delicate balance between cost, convenience, and security. The cost of securing the network comes in three forms: capital cost from the purchase and maintenance of hardware and software needed to monitor and protect the network; operational costs from the personnel needed to monitor and maintain the security infrastructure; and convenience costs from the time and effort taken by individuals in the organization to comply with the security protocols, such as requiring staff members to use 2-Factor authentication when signing into various systems. This document will focus on the convenience costs and explain the need for and process of implementing Google 2-Step authentication (also known as two-factor authentication or 2FA).

The District has embraced the benefits of Google cloud computing, including collaboration and ease of access. Unfortunately, ease of access can be a temptation for persons looking to collect information, steal data, or disrupt productivity. Hacking end user accounts is one of the easiest ways to gain access to a network and any data therein. Having a unique username and password is not a secure way to protect your account. Usernames are easy to determine, especial when an organization such as ours uses a naming standard. Passwords are also easy to determine. With the increase of email phishing and malware, capturing account passwords has become commonplace. To help protect District staff members from this kind of activity, the District will implement Google 2-Step authentication, effective with the 2018/19 school year. Google 2-Step authentication will help protect your Google G-Suite account from malicious access in the event your account login information (username or password) is compromised. Google 2-Step authentication relies on first, something you know, such as your username and password and second, something you have, such as your smartphone, office telephone, or key fob. This type of authentication adds an additional layer of determining proof of your identity.

The District will implement Google 2-Step authentication over the next 6 weeks (see page 7 for rollout schedule). The following is a step by step process to setup 2-step authentication using the voice or text message method. If you wish to use other methods of 2-step authentication such as a Security Key, Google Prompt, Authenticator App, or Backup Codes please contact your site technician or a member of the District technology team for more information. All methods of 2-step authentication will be covered during the tech training day at your site. If a staff member fails to set up Google 2-Step authentication by the date noted in the rollout schedule “Deadline to Enroll” they will be locked out of their Google account. Staff members locked out of their account will need to contact their site technician or school secretary to regain access.

Voice or Text Message Method

On the start of notice date for your site the message below will be displayed during the standard Google login process. Click the “Enroll” button to configure Google 2-Step authentication. If you are short on time you may click the word “Later” at the bottom of the screen. Remember, staff members that fail to set up 2-step authentication by the deadline will be locked out of their Google account.

You can also setup 2-Step authentication prior to the warning message or if you have already closed the message go to your account page by clicking on your picture in the top right of the browser window and click Manage your Google Account

When this page opens you will click on Security. Scroll down the next page until you see 2-step Verification

Voice or Text Message Method

Voice or text 2-Step authentication method sends a single use passcode to a telephone or cell phone in the form of a voice or text message. This can be the telephone at your desk or a work or personal cell phone. After entering a number select “Text message” or “Phone call”, then click the “NEXT” button. If you are planning on using a Fido Key or the Google Prompt App click choose another option at the bottom of the screen.

Remember you will need a single use passcode each time you login, so the authentication device (telephone or cell phone) you choose will be needed near the computer or device that you use to login. If you choose to use your desk phone you will not be able to login while away from your desk unless you choose to add a second authentication device or method (see page 5 for more information). You will not need a single use passcode after waking a chromebook from sleep mode. On some Windows browsers where cookies are enabled, there is an option to remember your passcode for 30 days.

Voice or Text Message Method

A confirmation 4 digit passcode will be sent to the telephone or cell phone that you entered in the previous step. Enter that passcode on the line noted “Enter the code”, then click the “NEXT” button at the bottom right corner.

Voice or Text Message Method

If everything worked correctly you should be taken to the verification screen. This means that the telephone,cell phone number, Fido Key, or Google App you entered was successfully verified as a 2-step authentication device. You MUST click “Turn On” to enable 2-Step authentication. REMEMBER, staff members that fail to set up 2-Step authentication by the deadline will be locked out of their account.

Voice or Text Message Method

REMEMBER:

Staff members that fail to set up 2-Step authentication by the deadline will be locked out of their account. Staff members locked out of their account will need to contact their site technician or school secretary.
You will need a single use passcode each time you login, so the telephone or cell phone you choose will be needed near the computer or device that you use to login.
If you choose to use your desk phone you will not be able to login while away from your desk unless you choose to add a second authentication device or method. To add a second authentication device click here https://myaccount.google.com/signinoptions/two-step-verification , login, and select “ADD PHONE” in the “Voice and text message” section.
Google 2-Step authentication cannot be turned off.
Google 2-Step authentication is not needed when waking a Chromebook from sleep mode.
On some Windows browsers where cookies are enabled, there is an option to remember your passcode for 30 days.

If you wish to use other methods of 2-step authentication such as a Security Key, Google Prompt, Authenticator App, or Backup Codes please contact your site technician or a member of the District technology team for more information.

Thank you for setting up your Google 2-step authentication. While this process may seem a nuisance, it is important to the security of your account. The District is implementing this added level of security due to a continuing threat to cybersecurity. Your compliance is sincerely appreciated.