Multi-Factor Authentication (MFA) or One-Time Passwords (OTP)

What is GAuth Authenticator and How Can I Use it?

GAuth Authenticator is a Chrome browser extension.  If you use Chrome to access NCEdCloud, then you can use GAuth to provide your 6-digit OTP.  GAuth does not require the use of a mobile phone or entering your phone number (like Authy).  More information on GAuth can be found on the NCEdCloud MFA page at https://ncedcloud.mcnc.org/mfa.

Why is the NCEdCloud MFA called a "One Time" Password if I have to use it every time?

The "One-Time" in One-Time Password (OTP) refers to the number of times you can use a specific 6-digit passcode to login (one time), not something you only enter once.  A new valid password is generated for your account every 30 seconds so that someone can't look over your shoulder and see your 6-digit code, or a "hacker" can't capture what you enter and try to reuse it at a later time.  It's purpose is to add a "second factor" in addition to your account password, to make your login more secure.  It is usually only implemented for user accounts that have access to

What if I get an ERROR trying to setup Authy?

It you get an error when trying to setup your Authy app, it is likely because you are being blocked from accessing the Authy.com site to register your installation.  You should contact your local Technology Support staff to see about having the Authy.com site "whitelisted" in your content-filtering service (Zscaler or another application).

How often will I need to enter my OTP?

The short answer is once per day.  Your OTP (6-digit code) is part of the login process to NCEdCloud, so if you typically login to NCEdCloud more than once during the day (you use different computers, tablets, etc. or logoff and close your browser during the day), you will need to enter your OTP on the 3rd screen of the login.  If you use the same machine throughout the day, then you’ll only login (and enter your OTP) once.

In the future, will additional users be required to use MFA when accessing NCEdCloud?

Currently, because of the access users with "privileged roles" have to employee and/or student data, MFA has been implemented for anyone with LEA Administrator, LEA Data Auditor, LEA Help Desk, LEA Student Help Desk, School Help Desk and School Student Help Desk roles in the NCEdCloud IAM Service.  If additional privileged roles are added in the future, they will likely be required to use MFA as well.  In addition, due to the risk of cybersecurity attacks and the cost of cybersecurity insurance, many PSUs are considering making MFA mandatory for ALL employees, or at least staff with access

Will I be required to use my personal phone for the MFA One-Time Password?

 

No, there are at least a couple of authentication apps that do not required using your cell phone.  However, unless you only use once device to access the NCEdCloud, it will be easier to set up an authentication application on your phone, than to configure your One Time Password on each device you use.  See the NCEdCloud MFA page for details on the different authenticator applications.

Pages