About Multifactor Authentication

Education Sector Logon (ESL)

Log into ESL self-service

About Multifactor Authentication

Quick Navigation

What is Multi-Factor Authentication (MFA)?

MFA is an IT security feature that provides an extra layer of security to your account. MFA can help to stop hackers from pretending to be you, even if they have your password, they are unlikely to also have the passcode generated by your multi-factor Authenticator application too.

This security feature may seem familiar as online banking systems and some social media platforms use MFA too.

Use Google, Microsoft, or any authenticator app of your choice, available to download from the App Store or Play Store on your smartphone.

This method is where the Authenticator App generates a new 6-digit passcode every 30 to 60 seconds and you use this code to prove that you are both the owner of the ESL account, and the MFA linked to the ESL account.

Why is MFA needed?

Today passwords or passphrases are not enough. Cyber-criminals can:

•    guess your passphrase.
•    trick you into sharing your passphrase.
•    remotely access and control your devices.
•    try using stolen passphrase lists.

MFA, as its name implies, is an additional verification factor that ensures whoever is accessing ESL as a delegated authoriser (DA) and is accessing/managing someone else’s personal data is who they say they are.

Setting up MFA for your account helps the Ministry ensure that only you or those who are authorized can access privileged information, even if someone has gained access to your DA’s passphrase.

What you need to do?

Upon successful login with your username and passphrase, you will be prompted to set up MFA for your ESL account before accessing the ESL as a Delegated Authoriser.

Once your ESL account has an MFA setup, you will be required to provide the 6-digit passcode shown in your app when prompted during login.

However, should you lose access to your MFA setup you will need to contact Education Service Desk and request for removal of the MFA after providing evidence of identity.

Note: You will be required to set up MFA again to access ESL as a DA after it has been removed by your request.

Setting up and using MFA:

Most Smart phone-based authenticator applications are similar and will operate like below:

1.    Scan QR code provided when prompted to set up MFA.
2.    Authenticator app will start generating Passcodes.
3.    Provide Passcode back to the application/website that is asking you for MFA.

Please review the webpages below for the app you want to use, you can find both of these authenticator apps on Apple’s App Store or Google’s Play store.

If you are having trouble scanning the QR code, make sure that your camera is clear of debris, and nothing is covering the QR code either. 

If you still can’t scan the QR code, use the manual entry option in your authenticator app and enter the Account name and Secret key provided in the “Can’t use your smartphone to scan the QR code? Try this.” section on the MFA setup page on ESL as shown in the image.


Image removed.
If there is absolutely no way that you can use a smartphone, then there are some alternative options for you to set up MFA for your ESL account.

The Ministry strongly suggests that you use your smartphones to download an authenticator app as this provides a second factor to verify you and prevents hackers from pretending to be you.
 

Here are some options you can try which offer MFA capabilities:

Please note: We are not able to provide IT Support on the following options if you were to contact the Education Service Desk nor are we able to offer detailed instructions on this help page.

  • Desktop applications
  • Browser extensions
  • or any website-based MFA passcode generators.

While these methods listed above work, they are not recommended as an MFA method.

These methods all lack separation between the device accessing sensitive information and the device providing the multi-factor authentication.

These methods also require you to remember an additional set of username and password/phrase. Additionally, if a person with malicious intent wishes to access your account, they simply need to get hold of one device.


Finding the Verification Passcode for MFA

Once you have set up your Authenticator App, you see the passcodes being generated and refreshed once you open the app. Make sure you are entering the correct code by verifying the name above the code. It will say Education Sector Logon.

Contacting the Service Desk:

If any of the following happens, please contact the Education Service Desk immediately:

•    Your phone has been stolen.
•    Your phone is no longer working.
•    Your ESL account has been compromised. i.e., you can no longer login with your username and passphrase.

The Service Desk can help by removing your existing MFA setup until you are ready to setup a new MFA to access your ESL.

Education Service Desk

Freephone: 0800 422 599 (NZ Only)

Email: service.desk@education.govt.nz

Note: To confirm your identity, you will be asked questions that confirm you are who you claim you are.