Let's be honest: cybersecurity isn't the most exciting topic. But at K12 Montana, it's one we take seriously - because Montana school districts are increasingly targeted by phishing attacks and account takeovers, and a stolen staff email account can expose student data, financial records, and more.
Two-factor authentication (2FA) is one of the single most effective protections you can put in place. Here's what it is and how to set it up on a Google account.
Two-factor authentication means that logging in requires two things: your password, and a second code that gets sent to your phone (or generated by an app). Even if a bad actor gets your password, they can't get into your account without that second factor.
You'll need a phone that can receive texts or calls, and ideally an authenticator app (Google Authenticator, Authy, and Aegis are all good options).
1. Log into your Google account and go to myaccount.google.com/security.
2. Click on 2-Step Verification and then Get Started.
3. Enter your phone number and choose Text message or Phone call. Google will send you a code.
4. Enter the code and click Turn On.
Back on the security page, click Backup codes. Google will give you 10 single-use codes to use if you ever can't access your phone. Download or print these and store them somewhere safe - not in your Google account. These are your emergency access codes.
Texts can be intercepted. Authenticator apps are more secure. On the security page, click Authenticator App, then Set up authenticator. You'll see a QR code - open your authenticator app on your phone, scan the code, and enter the generated code to confirm.
Important: don't close out of the setup screen before confirming. If you do, the QR code becomes invalid and you'll need to start the authenticator setup over.
Your Google domain administrator may need to enable 2-Step Verification for your organization first. That's a quick admin console change.
Concerned about your district's cybersecurity posture? K12 Montana Inc. helps Montana schools implement security best practices including 2FA enforcement. Contact us to talk through your options.