As many organizations have learned, protecting account data and login information on the Internet must be a primary concern. More and more web sites have been targeted by hackers, using bugs, phishing schemes, exploits or loopholes to gain access to accounts or sensitive information. Funds For Learning was even targeted back in 2012. Providing secure access is of foremost importance for web-based services.
At Funds For Learning® we take security very seriously. Over the years, we have taken continuous steps to maintain a level of security that protects E-rate Manager® users. We have taken bold, systemic changes, such as migrating our servers from a traditional local server cluster to a cloud-based solution (providing both enhanced stability and security) and updating our user password protocols to ensure that accounts are safe and secure. We have also taken simple steps, such as encouraging our users to have good password management habits.
Our next feature to protect your E-rate Manager account is to introduce a two-step authentication process. Two-step authentication for login information is the developing industry standard for web services. You have probably already seen the two-step process implemented by major email and shopping services online.
Most people already utilize similar authentication for some of their most valuable information in everyday life – with an ATM/debit card (swiped for step one) and a PIN (step two). Both steps are required to ensure the security of the cardholder, and ensure valid transactions.
Our new two-step process will work in the same way. Step one is your existing username and password. This knowledge-based authentication authenticates that the user knows the credentials to access the appropriate account. Step two comes through an access code or link sent to the email address of the account holder, providing a second layer of ownership-based authentication.
For most users, step two will be a one-time process, only repeated if the user is inactive in E-rate Manager for months, or when a new device accesses the account. Each user can go through the short process later this month when the feature is deployed.
The process is simple and straightforward – most likely forgotten in time, and running behind the scenes. But it is a vital step as we continue our dedication to protecting E-rate Manager user accounts, E-rate information and documentation.