Skip to main content

Protecting accounts with 2-Factor Authentication and Passkeys

Protect your staff and student accounts with an extra layer of security provided by 2FA and Passkeys

With digital fraud on the rise, cybersecurity is increasingly crucial to safeguard user data and maintain trust. As a result, your students and staff can enable two-factor authentication to protect their accounts. As a staff you can also 'enforce 🛡️

What is 2-Factor Authentication

Two-factor authentication (2FA) is a two-step process that requires two proofs of identity – your password and a verification code sent by SMS –, before access to the portal is granted, adding an extra layer of security. Everyone can use it, from prospects to staff users, but it's never mandatory. In other words, upon 2FA being enabled for the school, it's up to users to enable it for themselves as an individual choice.

Note: Two-factor authentication is not compatible with Full Fabric signing in via LinkedIn or through the authentication via application methods.

How can 2FA be activated for staff and student accounts

The profile settings area is the place to go! Both students and staff have an individual profile settings, but naturally in different environments (students will have it in the Student Portal, and the staff in the Full Fabric backoffice). So the instructions below serve for both!

1) Click your name and then Settings (or Profile Settings, as appears to staff) in the bottom left-hand corner

2) Jump to the tab Authentication

3) Click Enable on the two-factor authentication section and add your contact (with the country code included)

4) Click Send Token, which will trigger a verification token to enable your 2FA successfully

5) You will receive an SMS with your token. Add the token and click Verify. Your 2FA is now successfully enabled.

Then, the next time you log in:

1) Insert your details and press Log in as usual

2) Check your smartphone for a text with the verification code

3) Input the verification code under Two Factor Authentication Token and click Log in securely

Adding more security with Passkeys

2FA is pretty safe in itself, but might not be totally flawless (very few things in life are, right?). That's where the passkeys come to play. Students and staff users can opt into passkey-based 2FA, gaining phishing-resistant authentication and a more seamless login experience compared to traditional 2FA methods like SMS or TOTP.

Passkeys are essentially a secure, password-free way to sign in using your device’s fingerprint, face recognition, PIN, or screen lock. They are resistant to phishing and eliminate the need to remember or enter a password.

In the same Profile Settings -> Authentication area mentioned above is where the passkey option is located:

To add a new passkey, follow these steps:

  • Click on Add passkey (see the screenshot above)

  • Give it a name and click Add passkey again:

  • A Google Password Manager window will pop, click Next:

  • Enter your smartphone's PIN, and click Next (if your smartphone has a different security method enabled, such as fingerprint or face recognition, you must proceed with the validation that way):

  • Now your passkey is created! You can see its creation date, the last used date, plus you can delete it or add more passkeys.

Enforcing 2FA on staff and students (admins only)

2FA authentication can either be optional (each profile, student or staff, enables it if they want to), or mandatory. Institution admins can set 2FA as mandatory just for students, or just for staff, of for both!

To do so, follow these steps:

  • Access General Settings -> Access & Security -> Authentication -> Email & Password:

  • Now you can enable 2FA Authentication for students (non-staff) and/or staff:

Once enabled, those profiles will have 2FA Authentication automatically enabled on their accounts on their next login. Since it's enabled at the General Settings level, they will not be able to disable it individually.

Did this answer your question?