Frequently Asked Question

How Do I setup MFA on insideTrinity
Last Updated about a month ago

Multi-Factor authentication means using more than 1 factor to authenticate to any system.  The three factors of authentication are:

  • What you know (e.g. passwords, pin #s, security questions, etc.)
  • What you are (e.g. thumbprint, retinal scan, facial recognition etc.)
  • What you have (e.g. phone, laptop, app, security token, usb stick, etc.)

You already know you have a password.  That's 1 factor.  And while a strong password, that is unique and not used anywhere else on the internet is a pretty good deterent.  Most users aren't that secure.  So InsideTrinity gives you the option to turn on other factors.  The two methods we have available to us are both part of the "What you have" factor.  You can use an authentication app like Google Authenticator, or you can use a security passkey stored on your phone, a usb YubiKey or TitanKey, or a password manager.

Here is how to set up the different options.

  1. Login to insideTrinity (https://inside.tbc2day.edu)
  2. Click on your User Icon in the upper-right corner of the page (either your photo or a circle with your initials in it)
  3. Click on MFA Settings from the drop-down menu
    image

  4. Under the "Available Factors" you'll see two options.  "Authenticator App" and "Security Key".

Authenticator App

You can use any authenticator app that supports TOTP (Time based One Time Passcode) protocol.  The most common free examples are Google Authenticator, Microsoft Authenticator, and most Password Managers.

The details for how to use your app will differ from app to app, but here is a video demonstrating how to set up MFA on Moodle using Microsoft Authenticator

To get started click on the "Setup App" button in the Authentictor App section.

On the next screen you'll see an option to label the authentication.  You can put any name here, it's just a label to let you know what app/device you have this saved on.  We will go ahead and put "Google Auth" as an example.

image


Next in your App click the "+", or Scan QR Code button to scan the QR Code provided.  If you can't scan the QR Code (for example if you're adding MFA from your phone and it doesn't let you scan the screen) there is also a 'Can't Scan' button.  This will reveal a secret key that you can copy and paste into most Authenticator apps and it will do the same thing as the QR Code.

Once your authenticator app is producing 6 digit numbers, you can enter the numbers into the verification field and hit Save Changes.

image

The Authenticator app will create a new code every 30 seconds.  Both the server and the app have the same secret key and use an algorithm that uses time to create the six digit code.  As long as both your app and the server agree on what time it is, the code will always match.  

The next time you login you'll be presented with a request for the most recent code.  Enter it and you're logged in.  PLEASE NOTE: There is a checkbox that authorizes a specific computer with a cookie to only require MFA verification every 30 days.  You should only use this if the computer or phone you're logging in from is a private device that you own and no one else uses.  It's handy to authorize a trusted device, but if you do this on an insecure device that mutliple people can use, it's possible for an attacker to get in only using your password.  

Security Key

Think of a security key as a physical, digital house key for your Moodle account.

Just like you need a physical key to unlock your front door, a security key is a device, this can be your smartphone, laptop (if it supports the feature), or like a tiny USB thumb drive (e.g. YubiKey, TitanKey) that you plug into your computer or tap against your phone to prove that you are the one actually logging in.

Here is the easiest way to understand it:

  • It replaces untrustworthy codes: Instead of waiting for a text message or typing in a 6-digit code from an app, you just touch the key.
  • It stops hackers in their tracks: Even if a hacker manages to steal your Moodle password, they still can't get into your account because they don't have your physical key sitting on your desk.
  • It’s effortless: You type your password, insert or tap your key when prompted, and you're safely logged into Moodle.

The recommended kinds of Security keys are YubiKeys.  These are physical devices that plug into your USB port.  If you don't have one, or would prefer to use your smartphone that is also possible, both Windows and MacOS have an option to pair with a phone wirelessly for this purpose.  The reason it's secure is because you need that device specifically if you wish to sign in.  If you don't have it with you, you can't access the website.  

Our Moodle Install does also support software keys.  These are considered less secure as they are stored in a software like a Password Manager.  But they do work.  

As the full instructions will depend on your device/software the gist of the process is this.

Under the Security key section hit "Setup Security Key".

Give it a label

Hit the "Register Security Key" button

image

Your browser will send a request to the security system on your device to register the key through whatever means you've set up.  

Please Wait!

Please wait... it will take a second!