Tuesday, September 27, 2016

2-Step Your Way to Better Security - Deadline November 2016

You may have heard about it on the news, from neighbors, family or coworkers - a situation that is occurring with increasing frequency - people are unknowingly providing their username and password in a fraudulent email that gives a malicious entity access to one of their online accounts. This is called phishing and the state workforce has been successfully targeted.

In partnership with OIT, we are taking a step towards strengthening the security on our state Google accounts. It is called 2-Step Verification and everyone within our agency must enroll. This one action alone will reduce successful phishing attempts by 90 percent!

Find out about what 2-Step is, how it works, and how you can complete steps to enroll at OIT’s TechU.  

Here's how it works, in a nut shell:
1. Whenever you sign in to Google, you'll enter your password as usual.
2. Once every 30 days, you'll be asked for a code to verify that it's really "you" accessing your accounts. You'll also need a code every time you access your Google account from a new device (say, you log in from your home computer or a tablet for the first time).
3. If someone steals your password through phishing or another security breach, they won't be able to log into your accounts because they won't have access to the secondary code!

Getting Started
The very first time you set this up, you can choose to have a code sent to your phone via text, voice call, or the mobile app. Or, if you have a Security Key, you can insert it into your computer’s USB port. Once you've completed your initial 2-step enrollment, you can change your preferences to receive your verification codes in the manner that works best for you: text, voice phone call, the mobile app, a security key, or even by generating and printing out a list of 10 codes that you can keep with you or store someplace for future use. (That last way is generally the preferred solution for people without a desk phone or work cell phone).

Adjusting for Unique Situations
As of Sept. 27, more than 60 percent of our CDPS Google accounts had enrolled in this protective measure. Various units within our Divisions are working with the Google team to provide solutions for the small percentage of CDPS employees who can't enroll the "typical" way -- for example, employees who share work stations or who don't have the ability to receive the initial code via text, voice call or mobile app. If you work in one of these units, hold off on enrolling in 2-Step until your supervisor explains the solution to you.

Quick Fix for Mobile Phones and Tablets
Many of us access our Google accounts through what are called "third party" apps on our mobile phones and tablets, instead of through the "native" Gmail app. You can continue to do that once enrolled in 2-Step Verification, but you'll need to take one extra step to verify your mobile device/tablet to Google. Find Instructions Here.

Have Questions or Need Help?
If you have any questions or need assistance enrolling, check out the answers to Frequently Asked Questions. You can also email the OIT Google team at 2step@state.co.us.

No comments:

Post a Comment