Internet Security and our Students: Should we be encouraging 2-Step Verification on Google Accounts?
I want to start today's post out with a small confession. Lean in on this one …
Are you ready???
Here it is …
I like to sleep.
Yes, I said it … I enjoy sleeping. I very much enjoy lying down after a hard days work and lots of baby hugs close my eyes without anything on my mind. Why do I mention this you ask? Because it's time to talk about a topic that is very near and dear to my heart … Website Security.
I get it … we are tired of having passwords for everything we do. We are tired of remembering what services have which passwords that contain an uppercase, lowercase, special character and a series of numbers. Who can remember all of these???
However, we all understand that security is important and something that is MUCH needed in today's digital age. Would you believe in the fact that TeacherCast, each month, receives over 22,000 (!!!) malicious login attempts. This doesn't even include the thousands of spam comments that must get deleted every week.
Let's talk about your email. Recently, Google introduced a new 2-Step Verification process where in order to access your valued and secure information, you would need to first type in your password and THEN type in a security code that is sent to one of several devices (your phone is the most popular method). I can't agree more that this is a welcome addition to our Google Apps feature set. However, I wonder if this is something we should be doing with our students?
2-Step Verification
Without thinking much of it and always moving towards being the most secure that I can be, I signed up for the 2-Step process and chose my method. There are several ways that you can have this second code sent to you. My choice was by text message.
By signing up for 2-Step and agreeing to their terms of service, I was immediately ejected from all of my Google Services on ALL of my devices. This means that I needed to sign back into my Google Account on ALL of my devices. My phone, my many laptops, my many desktops and ALL of the apps and extensions. This wasn't a major problem, but I lost count after the 30th time I needed to relink my accounts. Remember that just in Chrome, you are logged into Google AND your Chrome account. This is TWICE the signing in.
Why Is This Important To Sign Up For?
Do I regret signing up and putting myself through all of this? Certainly not. As I stated in the opening paragraph … I LIKE TO SLEEP. I'm not interested in going to bed at night wondering if anything would be signing in to my accounts without my knowledge. Google, by itself, is very secure and with this new process, the security just hit the roof.
Is 2-Step Verification Right For My School District?
This is a question that I simply can't answer. It's hard enough to teach our students to have a secure password. It's hard enough to tell your entire school district that they will be needing to change their passwords every 6 months. I'm not sold on the fact that this is a needed feature for young learners. I can also see this as being a nightmare for teachers.
Should You Try It?
However, I do agree that as Gmail users, it is a service that requires some serious consideration.
If you are interested in turning on 2-Step Verification and testing out this system, the information below was copied directly from Google's Support Website.
Turn on 2-Step Verification
When you enable 2-Step Verification (also known as two-factor authentication), you add an extra layer of security to your account. You sign in with something you know (your password) and something you have (a code sent to your phone).
Set up 2-Step Verification
- Go to the 2-Step Verification page. You might have to sign in to your Google Account.
- In the “2-Step Verification” box on the right, select Start setup.
- Follow the step-by-step setup process.
Once you're finished, you'll be taken to the 2-Step Verification settings page. Review your settings and add backup phone numbers. The next time you sign in, you'll receive a text message with a verification code. You also have the option of using a Security Key for 2-Step Verification.
Note: To ensure that you can access your account in the future, add an email recovery option as well.
Turn off 2-Step Verification
Signing in with a password and a verification code means your account is more secure. When you remove this extra layer of of security, you will only be asked for a password when you sign in, which makes it easier for someone to break into your account.
Turning off 2-Step Verification
- In “Signing in & security” section of My Account, select 2-Step Verification. Sign in with your username, password, and verification code if asked.
- Select Turn off 2-Step Verification.
- A pop-up window will appear to confirm that you want to turn off 2-Step Verification. Select Ok.
Revoking app passwords you no longer use
If you used App Passwords to authorize applications to access your Google Account, you may see errors when you turn off 2-Step verification. If this happens, re-enter your Google Account password. We recommend you go back to using passwords — rather than App Passwords — to access these applications. To revoke your app passwords, please follow the steps below:
- Sign in to My Account.
- In the “Sign-in & security” section, select Signing into Google.
- Choose App passwords, you may have to re-enter your password.
- Select Revoke for any application or device whose code you want to revoke.
Note: You'll need to reauthorize each application that has a revoked App Password by entering your username and password, just like you did before turning on 2-Step Verification. You might not be asked for this information the next time you use the application because some applications take longer to recognize that an App Password has been revoked.
In addition, remember to destroy all backup codes that you had been using to verify this account.
Share Your Experiences
Have you tried 2-Step verification or are you interested in testing things out? Please let us know what you think in the comments below.
About the author, Jeffrey Bradbury
Jeff Bradbury, creator of TeacherCast, and father of the famous @EduTriplets Thanks for checking out TeacherCast today. Please take a moment to find me on all of my Social Media channels!