SchoolInsight supports native 2FA

8/17/2025

 

In recent years schools across the country have seen an increase in cyberattacks.  Some have lost student data and were confronted with ransom demands to prevent disclosure.  Others had their payroll systems targeted, redirecting direct deposit funds to fraudulent accounts.  This is an increasing challenge to all schools.

 

We strive to help our customers resist these attacks and better secure their SchoolInsight data.  To this end, we’ve long supported two-factor authentication (2FA) through Google Login.  While this has helped many of our customers, not everyone uses Google.

 

So we added 2FA to our native login process.  While logging in, users can be challenged with a second factor after providing their email address and password.  This provides an extra layer of security that’s hard for cyberattackers to defeat.  We support industry-standard authenticators like Google Authenticator and Authy, which provide time-sensitive (TOTP) tokens.

In this release, 2FA is supported for employees only (not parents or students).  This includes District Admins, School Admins, Instructors, and Financial Users.  Individual users can turn it on for themselves.  They can choose to remember devices for 30 days, to reduce the friction of 2FA.

 

If you’re security conscious, feel free to give our 2FA a try.  Turn this on by going to the “My Account” page.  Select “Add Authenticator App” to enable the functionality.

As part of the setup process, you’ll scan a QR code and demonstrate successful 2FA configuration by providing a valid token.  Once this has been established, you’ll use 2FA codes at login.

Users have the option to remember each device for 30 days.  This will reduce the frequency of 2FA challenges, providing extra security with less friction.  If users change device or location, they’ll need to pass a 2FA challenge again.

 

To provide better control of your account access, we expanded the Login History and devices page.  Users can see the times, devices, and locations of their logins.

We also send a confirmation email every time you log in from a new device.  This will alert users when an unknown/suspicious login occurs.  Our hope is that our users will take action if they are alerted to a suspicious login.

As with most new functionality, we’re taking a phased approach to releasing the code.  Common Goal Systems employees have been using the foundational system for a month, with good success.  We wanted to “burn in” the code before making it available to customers.  In this release, individual users can opt in to 2FA.  In a near future release, we’ll offer the ability for organizations to force employees to use 2FA during login.  At some point we also plan to offer additional 2FA mechanisms beyond standard authenticators.

 

We hope you like this new functionality, and that it helps your employees resist cyberattacks.  Feel free to provide us with feedback; there’s a link at the top of every page.


The Common Goal Team