Management Information Sheet
Turning on 2-Step Verification for Staff Google NSIX email accounts
Due to the increased cyber-attack threats to education establishments, we strongly recommend that schools follow the NCSC (National Cyber Security Centre) guideline and ensure 2-Step Verification is turned for all staff email accounts.
This functionality is available on the Google NSIX accounts for staff email accounts and details of how to set this up is below:
Protect your NSIX Google account with 2-Step Verification
With 2-Step Verification (also known as two-factor authentication), you add an extra layer of security to your account in case your password is stolen. After you set up 2-Step Verification, you'll sign into your account in two steps using:
- Something you know, like your password
- Something you have, like your phone
To turn on 2-Step Verification
- Open your NSIX Google Account by going to myaccount.google.com.
- In the navigation panel on the left side, select Security.
- Under "Signing into Google," select 2-Step Verification and then Get started.
- Follow the on-screen steps.
Your account, username@nsix.org.uk, is associated with your school. If you can't set up 2-Step Verification, please contact ICT Solution service desk on 01603 475603.
Verify it's you with a second step
After you turn on 2-Step Verification, you'll need to complete a second step to verify it's you when you sign in. To help protect your account, Google will request that you complete a specific second step.
Use Google prompts
Google recommend you sign in with Google prompts. It's easier to tap a prompt than enter a verification code. Prompts can also help protect against SIM swap and other phone number-based hacks.
iPhone/iOS - Google prompts are push notifications you get on iPhones that are signed in to your NSIX Google Account with the Smart Lock app, Gmail app, or Google app.
Android - To use Google prompts on an Android device, you need your Android device to be up to date with its updates. If you sign into another compatible phone with your NSIX account, you automatically get Google prompts on that device, until you sign out.
Google prompts are push notifications you'll receive on:
- Android phones that are signed in to your NSIX Google Account
- iPhones with the Smart Lock app, the Gmail app, or Google app signed in to your NSIX Google Account
Based on the device and location info in the notification, you can:
- Allow the sign in if you requested it by tapping Yes
- Block the sign-in if you didn't request it by tapping No
(For added security, Google may ask you for your PIN or other confirmation (FaceID) when using a mobile device.)
Use other verification methods
You can set up other verification methods in case you:
- Want increased protection against phishing
- Can't get Google prompts
- Lose your phone
Use Google Authenticator or other verification code apps
Important: Never give your verification codes to anyone.
You can set up Google Authenticator or another app that creates one-time verification codes when you don't have an internet connection or mobile service.
Enter the verification code on the sign-in screen to help verify it's you.
Use a verification code from a text message or call
Important: Never give your verification codes to anyone.
A 6-digit code may be sent to a number you've previously provided. Codes can be sent in a text message (SMS) or through a voice call, depending on the setting you chose. To verify it's you, enter the code on the sign-in screen.
Tip: Although any form of 2-Step Verification adds account security, verification codes sent by texts or calls can be vulnerable to phone number-based hacks.
If you require any help or advice on setting up 2-Step Verification, please contact the ICT Solutions Service Desk on 01603 475603 or email ict@norfolk.gov.uk