
Multi-Factor Authentication (MFA)

What is Multi-Factor Authentication (MFA)?

Traditionally, to use a computer or email account you just need to know the username (often an email address) and a password. That means if someone knows your password, they can gain full access to your account - your files, your email, your sensitive data. They can digitally impersonate you, and others may not know the difference. Multi-Factor Authentication (MFA) is a security practice that protects your account by requiring multiple pieces of information - specifically, something you know (your password) and also something you physically have in your possession. The thing you have is usually called a token. For example, you use MFA to access your bank account, because it requires something you have (your ATM card) and something you know (your PIN) to withdraw money at an ATM.

Sidenote: Some services refer to MFA as Two-Factor Authentication (2FA) or Two-Step Verification (2SV). These are all the same thing.

Romoland is requiring MFA to be enabled on accounts to help protect employees from being phished and their accounts used in ways that can be harmful to students or staff. Romoland accounts support these types of tokens:

  • Security key: A physical USB-C key that you can attach to your keychain, and insert when prompted during login. These keys can also be used with modern smartphones either by plugging them into the USB-C charging port (if the phone has that type of port) or via near-field communication (NFC), where you can simply touch the key to the back of the device when prompted.
  • Google Prompt: Available if you have the Gmail app on your smartphone. When you log in, choosing this option will allow you to open the Gmail app on your smartphone to approve the login. In this case your smartphone acts as the thing you have.
  • Authenticator app: An app installed on a smartphone that generates a random six-digit code every 30 seconds. When you log in, you can choose the Google Authenticator option and then type in the code that appears in the app on your smartphone. This is considered to be a more secure smartphone-based method than the Google Prompt, and also has the benefit that you can use the same app for other online accounts that support the authenticator app method (such as Gmail, Instagram, and Twitter). It's a great way to secure your other personal computer accounts. The downside is that it's a little more involved to set up, but it's still pretty easy.
  • Backup codes: When you enroll in MFA on your account, 10 random codes are generated to allow you to get into your account in the event that you don't have your key or smartphone (if you are using that option). You can print these codes and put them in a very secure place, or you can just contact the IT department in a pinch and we can provide a code for you.
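
The authenticator app item above describes a six-digit code that changes every 30 seconds. The following is an added example, not Romoland's or Google's code: it assumes the app follows the standard TOTP algorithm (RFC 6238 with HMAC-SHA-1) and shows how the app and the login service compute the same code from a shared secret and the current time, and how the service tolerates small clock differences. The function names are hypothetical and the secret is the published RFC 6238 test value.

```python
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code is valid for
DIGITS = 6   # length of the displayed code

def totp(secret: bytes, at: float, step: int = STEP, digits: int = DIGITS) -> str:
    """Code for the time step containing `at` (RFC 6238, HMAC-SHA-1)."""
    counter = int(at) // step                    # number of whole steps since the epoch
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, submitted: str, at: float, drift_steps: int = 1) -> bool:
    """Server-side check: accept the current step plus or minus `drift_steps`
    to tolerate clock skew, comparing each candidate in constant time."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, at + delta * STEP)
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

# Constructed sample input: the RFC 6238 test secret, not a real account secret.
SAMPLE_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    now = time.time()
    code = totp(SAMPLE_SECRET, now)
    print("current code:", code, "- valid for", STEP - int(now) % STEP, "more seconds")
    print("accepted now:", verify(SAMPLE_SECRET, code, now))
    print("accepted after 5 minutes:", verify(SAMPLE_SECRET, code, now + 300))
```

Because the code depends on a secret stored only in the app and on the service, knowing the password alone is not enough to produce a valid code.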

 

Other online services you use may offer options to text a code to your mobile phone or call you. Romoland does not support these methods due to the ease with which phone numbers can be spoofed. If you use a service that only provides these methods it is still worth using because it's better than not having MFA at all, but we don't permit them since we have better options.

Instructions

Enroll in Google MFA using a Security Key

Permanent employees who have been provided with a security key should use these instructions to enable MFA.

 

Enroll in MFA using a phone-based method

This is the recommended method for employees who decline a key or are not eligible (e.g. substitutes, contractors). It uses your smartphone as a secure second factor. For permanent employees with a security key, these options can be enabled as optional backup methods.

 

Quick Facts

Romoland is currently rolling out MFA to all staff in phases.

Security keys will be provided for all permanent employees. Employees also have the option of enabling one of the smartphone-based methods as an additional method or convenience.

Keys should be kept secure and available during the workday. It's recommended that your key be attached to your keychain where you keep your other district/school key(s). Another suggestion is to attach it to your ID badge lanyard.

Substitute employees and contractors will not receive a security key. They will be required to use one of the smartphone-based methods.

Using one of the smartphone-based methods does not give district staff access or visibility to the smartphone in any way. It is completely private.

Employees may enroll in MFA using one of the smartphone options prior to receiving a security key if that suits their comfort level. The security key can always be added later during the phased rollout.