The year is 2022. And the most common password, according to NordPass’ latest list of the top 200 most common passwords, is still "password." (Let that sink in for a moment...)
Pivot Interactives hosts some of the most valuable data a school can have: student personally identifiable information (PII), instructor PII, grades, feedback, and other federally protected data. This private information needs to stay private - and hackers and other wrongdoers would love to bring it to the open. Therefore, Pivot Interactives has implemented some new password security changes and requirements.
#1. Password Requirements Moving Forward
Moving forward, all passwords will have a minimum eight (8) character length. Additionally, instructor passwords will be required to have the following:
1 Upper Case Letter (example: ABCDE)
1 Lower Case letter (example: abcde)
1 Number (example: 12345)
1 Special Characteristic (example: !@#$%)
While old passwords will not be changed, new passwords must meet this requirement.
Tips for Good Password Security
Never use personal information such as your name, birthday, user name, or email address. This type of information is often publicly available, which makes it easier for someone to guess your password.
Don't use the same password for each account. If someone discovers your password for one account, all of your other accounts will be vulnerable.
Avoid using words that can be found in the dictionary. For example, biology1 would be a weak password.
Random passwords are the strongest. If you're having trouble creating one, you can use a password generator instead.
Remembering passwords can also be hard.
Consider using the password manager in your browser, like Chrome's Password Manager, or the password manager that comes with your device, like Apple's Password Manager. Additionally, there are third-party password managers, such as 1Password and Keeper, that work across multiple browsers, devices, and operating systems.
As always, be sure to follow your district's password security rules and preferences when keeping and maintaining your confidential passwords.
#2. Multi-Factor Authentication (MFA)
How does MFA work?
According to OneLogin, "Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack."
In multi-factor authentication, applications use multiple verification venues to build your "digital fingerprint." This could include having a password, a pin, a one-time launch URL, accepting a token or popup on your phone, using your actual fingerprint on your device, and more!
In Pivot Interactives, our MFA combines your personally generated password with a random pin from an authenticator app. Common authenticator apps include:
Microsoft Authenticator (come standard with Windows devices)
Google Authenticator (comes standard with Samsung and Google phones)
Apple's Built-In Authenticator (comes standard with Apple devices)
1Password (paid service)
Keeper (paid service)
How do I set up MFA?
Go to your Profile, then scroll to the bottom of the page. There is an area labeled Multi-Factor Authentication. Click the Configure MFA button to get started.
This will open a modal that looks like this:
This modal resets every time you close it! So, you will need to do this in one go.
With the modal open, follow the steps in your authenticator app to add a multifactor authenticator. Usually, these apps will have the option to scan a QR Code. This is the method you will need to use. Simply scan the QR code shown on your profile with your app to add the code to your app list. It will appear in the list as:
Pivot Interactives (your email here)
Click Continue in the modal to move to the next step.
Once you scan the QR code, a six-digit number will appear on your authenticator app, usually with a countdown timer. This code is called a token. Enter this code into the MFA Secret area, then click Submit.
As a note: the code may change while you're typing. If this happens, you will need to enter the new code that appears in your authentication app.
Once this is done, you will have a completed Multi-Factor Authentication. You must enter this code each time you log in to Pivot Interactives.
Still stuck?
Here's a video on how to set up Google Authenticator (not from Pivot Interactives - hosted on YouTube). The directions show you how to set up Google Authenticator with Facebook, but the premise is the game with Pivot Interactives. Just scan the QR code with the app and POOF! You're in.
For more information:
How do I change my MFA?
Once you have set your MFA, you can reconfigure it anytime. Go to your profile and click the Reconfigure MFA button to change the authenticator that you use. You'll follow the same sets to set up the new authenticator that you used to make the old authenticator.
Frequently Asked Questions
FAQ: If I change my password, will I need to change my MFA? What if I change my MFA - Will I need to change my password?
No. Your password and your multi-factor authentication exist separately and are maintained separately. Changing one will not impact the other.
FAQ: I'm completely locked out of my account because I cannot access my MFA. What should I do?
Contact our amazing Support team using the chat bubble on your right. We will be able to help remove the MFA and reset your password.
FAQ: I can't change my password now. What happened?
A recent change to SSO-managed accounts has changed how students and instructors may reset passwords. If your account is managed by an SSO (Clever, ClassLink, Google, or Microsoft), your password and profile settings are also managed by your SSO provider. You will not be able to reset your password within Pivot Interactives if you are using an SSO. If you have additional questions, please contact us in the chat.