What is Two-factor Authentication (2FA)?
Two-factor authentication (2FA) is an identity verification feature employed in various online systems, notably by banks and financial institutions. 2FA conducts a non-invasive but highly effective “double check” when people sign in for the first time on a new device, sending them a unique Access Code (for example, via SMS) to make sure they are indeed the owner of the username and password provided.
A simple analogy would be to liken it to withdrawing cash from an ATM: you need both your card and your PIN for your bank to process the transaction. One without the other is not sufficient proof of your identity. 2FA is a digital version of this process.
2FA is one of a number of vital security techniques designed to protect your data from being compromised. In fact, it is one of the ‘Essential Eight’ strategies to mitigate cyber security incidents according to the Australian Cyber Security Centre (ACSC). It’s not the only solution, of course, but the fact that it is simple to understand and implement while offering powerful protection makes it a great place to start.
2FA in Compass is most effective where the verification token is sent via SMS to the mobile phone number we have on file for each user of the Compass portal. We do provide email verification as an alternative, and will soon be introducing push notification functionality for the Compass app as well.
Compass conducts the 2FA verification process the first time a user signs in on a new/unrecognised device, or when they’ve not used a given device for several months.
Why should I enable 2FA in my school?
At Compass we take every possible precaution in order to handle your data without risk of compromise, but there are extra layers of security that you can add at your end for both increased protection and peace of mind. 2FA is one of those extra layers.
Enabling 2FA also provides an opportunity to bring your staff on board with modern security practices and help them gain a greater appreciation for the importance of using their username and password safely to prevent data being compromised.
How can I enable 2FA in my school?
To enable 2FA for your portal, sign in to Compass and hover over the cog menu icon in the top right of the screen. From here, locate ‘Administration Tools’ and scroll to ‘Security Settings’.
You’ll note three checkboxes:
- Enable 2FA for members of staff;
- Enable 2FA for students;
- Whitelist connections to Compass from proxy.education.netspace.net.au
Simply enable the options you require. If you want to prevent users from being required to conduct their one-off 2FA check when accessing Compass from within the school network, be sure to enable the final option.
Below these options you also have two additional options:
- The ability to whitelist specific IP addresses so that people accessing Compass from those locations don’t need to complete 2FA. This is where you might choose to put your school’s Internet IP address range if you use a third-party Internet provider. If you need to whitelist any IP addresses, you can type them into the applicable field and click 'Add'. To remove any whitelisted IP addresses from your list, click the associated red 'x'.
- The ability to blacklist specific email domains so that they can’t be used for 2FA (this ensures staff aren’t getting their 2FA Access Code from particularly insecure email accounts). To blacklist an email domain, type the domain name into the applicable field and click 'Add'. If you need to remove any email domains from your list, click the associated red 'x'.
How does the sign-in process work once 2FA is enabled?
Compass conducts the 2FA verification process the first time a user signs in on a new/unrecognised device, or when they’ve not used a given device for several months. For regular users of Compass, this means they will need to conduct the verification process very rarely.
If verification is required, then just after entering their username and password into the Compass sign-in page, a unique Access Code will be issued to the registered email address or mobile number. Once the code is typed into Compass, the user will have normal access to their Compass account.
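A sketch of the decision that the Security Settings and sign-in flow above describe, added here as an illustration and not Compass's own code. The 90-day window (the page says only "several months"), the function and field names, and the sample addresses and domains are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumption: the page says "several months"; 90 days is a stand-in value.
DEVICE_TRUST_WINDOW = timedelta(days=90)

@dataclass
class SecuritySettings:
    staff_2fa: bool = False
    student_2fa: bool = False
    ip_whitelist: list = field(default_factory=list)            # addresses or CIDR ranges
    email_domain_blacklist: set = field(default_factory=set)    # lower-case domains

def ip_is_whitelisted(settings, client_ip):
    """True if the client address falls inside any whitelisted address or range."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(entry, strict=False)
               for entry in settings.ip_whitelist)

def challenge_required(settings, role, client_ip, device_last_seen, now):
    """Decide whether an Access Code must be requested after the password check."""
    # Unknown roles raise KeyError instead of silently skipping the check.
    enabled = {"staff": settings.staff_2fa, "student": settings.student_2fa}[role]
    if not enabled:
        return False
    if ip_is_whitelisted(settings, client_ip):
        return False                      # whitelisted networks skip 2FA entirely
    if device_last_seen is None:
        return True                       # new or unrecognised device
    return now - device_last_seen > DEVICE_TRUST_WINDOW

def delivery_channels(settings, mobile, email):
    """Channels an Access Code may be sent to, honouring the domain blacklist."""
    channels = ["sms"] if mobile else []
    if email:
        domain = email.rsplit("@", 1)[-1].lower()
        if domain not in settings.email_domain_blacklist:
            channels.append("email")
    return channels

# Constructed sample configuration (documentation address range and domains).
SAMPLE = SecuritySettings(staff_2fa=True,
                          ip_whitelist=["203.0.113.0/24"],
                          email_domain_blacklist={"example.org"})
NOW = datetime(2024, 6, 1)
```

Because a whitelisted range skips the check for every user behind it, the entries are worth keeping as narrow as the school network allows.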
Is there any cost to enabling 2FA?
There is no annual subscription cost associated with enabling two-factor authentication. However, if the user selects the SMS option to receive their unique Access Code when logging in, the standard charges per SMS will apply.
All SMS messages issued are charged separately at $0.078 (exclusive of GST) per message and are invoiced at the end of every month to the school (providing that more than $5 worth of charges have been incurred).
Should the user choose email or push notification, these charges will not apply.
How long will it take to receive the Access Code?
Once an Access Code has been requested, it will generally take under one minute for a user to receive it through their chosen email address or phone number. This requires that the user has their correct, current contact details saved to their account in Compass.
Should a member of staff not receive their Access Code after requesting it, they should contact their school’s Compass manager or IT team to verify that their account email address and/or mobile number is correct and up-to-date.
Who can I contact for more information?
Compass has a dedicated support team based in our North Balwyn headquarters, available to answer your questions Monday to Friday from 7am. Our team will be on hand to help with any issues.