Starting March 1, 2022, USD 234 will begin rolling out a technology called “2-Step Verification” within Google (Gmail).  You may know it by other names like “2FA," “two-step authentication," or “multi-factor authentication (MFA)."  At first, “2-Step Verification” will be recommended, but not required.  After July 1, 2022, “2-Step Verification” will be required for all employees of USD 234.  Over the coming weeks and months, we will send out updates and reminders to keep everyone updated.

2-Step Verification adds a second layer of protection during the login process.   Currently, your Google login is tied to “something you know” (your password).  2-Step Verification adds the second layer of “something you have” (typically your smartphone and, absent that, a USB security key).  You most likely already have experienced using 2-Step Verification with an online banking account, so enabling it within Google will, hopefully, not be a new experience.

Times are changing, and hackers are finding new and creative ways to acquire user passwords; they can buy lists of usernames and passwords on the dark web; they can use social engineering and email phishing tactics to steal passwords; they can use something called “dictionary attacks” as a brute force method to guess weak passwords.  Adding a second form of verification dramatically decreases the likelihood of your password being compromised.

Google will not require 2-Step Verification every time you log in.  Once you authenticate and complete 2-Step Verification on your phone or computer, you will have the option to “remember this device."  From that point on, Google will not prompt you to perform 2-Step Verification on that device unless you clear your browser’s cache, change your password, or if Google suspects that your account has been breached.

2-Step Verification will not be enforced until July 1, 2022.  Until that time, you are encouraged to familiarize yourself with the process and enable it when you are ready.  You will receive regular reminders from the Technology Department leading up to the deadline.  If you do not enable 2-Step Verification by the date listed above, you will be locked out of your account and will need to contact the USD 234 IT department to regain access.  If you are interested in enabling it now, feel free to do so; we encourage it!  Directions for enabling 2-Step Verification are here:   https://support.google.com/accounts/answer/185839.

There are a couple of different methods you can use to complete 2-Step Verification. They are:

• Use a Google application configured on your phone (recommended)

• Use text messaging (the preferred backup method)

• Receive a voice call at a different telephone number (ex: your office landline)

• Print 10 pre-established backup codes

The Google application method mentioned above is called a “push” authentication. With push authentication, you just have to bring up a Google app on your phone and acknowledge the 2-Step request.  On an iPhone, we suggest you use the Gmail app or the Google Search app (both are free in the App Store; just log into either app with your USD 234 email address). On an Android, you just need to be logged into email with your USD 234 address.  It is important that you set up backup methods for completing 2-Step Verification in the event that you do not have your phone.  To set up backup methods once 2-Step is enabled, go to https://myaccount.google.com/ and select “Security” on the left, click the right arrow next to “2-Step Verification," enter your password, then follow the prompts in the section labeled, “Available Second Steps."