Frequently Asked Question

Two-Factor Authentication Deployment Overview
Last Updated 5 months ago


Avon Public Schools will soon be requiring two-factor authentication (also known as two-step authentication, multi-factor authentication) on employee Google accounts and Windows login accounts to improve our security posture and meet our insurance requirements. To meet these requirements, we will be incorporating Duo Security as a two-factor authentication solution into the existing IT infrastructure and online services. Duo Security is a company that provides a cloud-based software service that utilizes two-factor authentication to ensure secure access to services and data.

Action required:

No immediate action is necessary. This email is just to notify and educate you about the upcoming rollout of two-factor authentication for Google and Windows logins using Duo.

When will two-factor authentication be required?

Group

Enrollment Begins

Effective Date

AHS & Central Office

Monday, May 23, 2022

Tuesday, May 31, 2022

AMS & TBS

Tuesday, May 31, 2022

Monday, June 6, 2022

PGS & RBS

Monday, June 6, 2022

Monday, June 13, 2022


Employees will receive an email with instructions on how to enroll in Duo and Google two-factor authentication on the enrollment date shown in the table above. Two-factor authentication will be required to access Google and Windows logins starting on the effective date shown in the table above.

What is two-factor authentication?

Two-factor authentication provides a second layer of security to any type of login, requiring extra information or a physical device to log in, in addition to your password. By requiring two different channels of authentication, user logins are protected from remote attacks that may exploit stolen usernames and passwords.

Why do we need two-factor authentication?

Login credentials are more valuable than ever and are increasingly easy to compromise. Over 90% of breaches today involve compromised usernames and passwords obtained from data breaches or phishing attacks.

Two-factor authentication is a cybersecurity best practice and has become a common requirement on financial, shopping, and email websites. Two-factor authentication is now required by insurance carriers and is being deployed by school districts all over Connecticut.


How will two-factor authentication change my login experience?

When logging in to Google or your Windows PC, you will enter your username or email address and password. After your credentials are verified, you will be required to complete a method of second-factor authentication. Think of two-factor authentication as a layer of security added to your pre-existing login method.


What two-factor authentication methods are supported?

For Windows logins, the most convenient method is to receive push notifications using the Duo Mobile app on a smartphone. See: Duo Push Frequently Asked Questions Duo Push Overview Video (44 sec)

For Google logins, the most convenient method is to receive push notifications using the Gmail or Google apps on a smartphone. See: Google Support: Turn on 2-step Verification

For Windows or Google logins, the Duo Mobile app can generate a 6-digit passcode that changes every 30 seconds. This code generation is synchronized with your account and is unique to you. You will be prompted to enter the code when verification is necessary. See: Duo Passcode Overview Video (30 sec)

For Windows or Google logins, a hardware token is linked to your account and then inserted into an open USB port on your computer when verification is needed. Tokens can be requested from the Technology Department by submitting a Technology Helpdesk Ticket. See: Duo Hardware Token Overview Video (22 sec)


What if I don't have cell service to receive the push notification?

Employees can connect their personal device to the staff WiFi in each building so their device can receive the notifications as well as use the "wifi calling" feature of the cellular provider. You may also use the hardware token or passcode generator options that do not require your smartphone to be online.

Will I have to do this every time I log in?

Google and Duo will remember you completed this second level of authentication and will not ask you again for the additional step unless:

  • a login is attempted from another computer

  • a login is attempted from another network location

  • suspicious login attempts were detected for the account

  • the user account has not been validated for an extended period of time


What if I have additional questions or need assistance?

For assistance with the enrollment process:

  1. Review the two-factor authentication knowledge base articles on the Technology Department Helpdesk website.

  2. Submit a Technology Helpdesk Ticket selecting the "2FA, Duo App, Passcode, Token" help topic.


For immediate assistance with a login or account access issue during business hours (Monday - Friday 7am to 4pm), call extension 7227 or 860-606-7227 and select option 1. This is the preferred method to reach a Technology Department technician as it rings more than one person.



Please Wait!

Please wait... it will take a second!