Hypersecu Blog

Check in weekly for news, events, and security tips

Protect Your Students with 2FA

An Introduction for Educators and Administrators

Two-factor authentication (2FA) is a pretty simple concept; it boils down to “something you have” and “something you know.” But how can it used to protect student information, uphold educator integrity, and ensure administrators maintain a strong, trustworthy relationship with parents?

© | Dreamstime.com

A New World

The facts don’t lie: schools have become good targets for hackers. Whether it’s a student hacking in to change his grades or someone on the outside looking for personal data on students or teachers, schools have seen a large increase in threats.

The move to student record management platforms only makes things easier for hackers—now they can find everything they need all in one place. Here’s the sort of confidential information a hacker can get:

  • home addresses
  • medical records
  • disciplinary records
  • academic standing
  • portraits and or class photos
  • parent contact information
  • court documents (i.e. copies of custody agreements)

Get Proper Protection

Many 2FA devices can be easily integrated into many existing infrastructures. Once the devices are set up, teachers or administrators use the device’s verification code to identify themselves when signing in to their student record management platforms. The tokens use a complex algorithm so that there’s no real pattern in which the passwords are generated, which means hackers can’t study it to guess the next password.

Don’t Be An Easy Target

Hackers always go for the easy targets and using a record management platform that’s only protected with a static username/password makes for an easy target.

Here are some examples of common password hacks:

  • Brute force – hacker bombards website with various password options in hopes of “guessing” the correct one (trial and error approach)
  • Key/screen loggers – passwords are captured as they’re entered in, either by the keyboard or via screen captures (malware)
  • Phishing – hacker sends a fake email which tricks the user into entering their account information. He collects it and re-directs the user to the appropriate site so that the user is completely unaware they’ve been hacked (can be done via text as well)
  • Social engineering – hacker gains information to security questions to obtain password or reset password by posing as a friend or colleague (in person or online)

As for malware and viruses that can crack a password, there’s unfortunately too many to list them all here, and new ways of introducing them to your network are popping up all the time. One such way relies on good Samaritans. An infected USB drive is left somewhere like employee parking lot or cafeteria in hopes that someone will pick it up and put it in their computer to try and identify it. When someone does, the virus is launched into their computer or entire network.

Fortunately, with a strong 2FA product, confidential student information can be secured, which means students are protected from hackers knowing their location and personal information. Integrity is upheld by ensuring accurate and unaltered grades, and administrators can take steps to prevent data leaks to ensure parents feel safe knowing their children’s information is in good hands.