This article explains why an employee may be asked to use two-factor authentication to verify their identity sooner than expected. Most employees will be asked to verify every 30 days if they select Remember this device for 30 days before pressing Continue during their identity verification. However, there may be times where an employee is forced to verify before that 30 day time frame is up. The main reason this occurs is because the system has determined the employee is logging in from a different location. There are three components the system uses to determine that location: IP address, physical device, and website URL. The combination of these three components form the passkey that the system uses to determine if this is a new location.
The first part of the passkey, the IP address, is designed to help identify the laptop and its location to the internet. The most common reason a laptop gets assigned a new IP address is because it has entered a new physical location. This location will use a different IP address, which could trigger verification if the employee has not logged in from that location recently. Additionally, if a location has multiple IP addresses that differ significantly from each other, the employee may be asked to verify if their device was assigned a different IP address.
The second part of the passkey, the physical device, refers to the computer, laptop, or mobile device the employee is logging in from. If they switch to a different device that has not been used recently, it will trigger a verification.
The final part of the passkey is the website URL. SchoolInsight has three different website URLs: teacherease.com, schoolinsight.com, and common-goal.com. Each URL is considered logging in from a different location, so employees have to verify once per URL.
In addition to a change in the passkey, there are two other common verification scenarios. The first is when an employee logs in using a publicly available device. SchoolInsight tracks if the employee logging in was the last one to do so on every device. If a different user was just logged in, SchoolInsight will then ask the new user to verify themselves. This is to ensure that the new user is not trying to access unapproved credentials.
The final case where verification may be needed is when updating settings related to logging in, such as changing a district's two-factor authentication configuration. This ensures no one is able to unexpectedly change these important permissions, such as a student accessing an employee's laptop.