Enforcing 2FA for All Staff

Security is super important to us - protecting the data your KAMAR holds on the staff, students and caregivers in your school. Recent incidents involving compromised passwords and phishing campaigns have highlighted the importance of everyone enabling two-factor authentication (2FA) on their accounts. Currently KAMAR only enforces this for staff with high access to KAMAR, however on discussion and feedback from affected schools, we have decided to enforce 2FA for all staff users.

Unauthorised logons is a data breach which must be reported to the privacy commissioner. KAMAR's audit logging shows these unauthorised logons and their actions, but the damage has already been done.

You can already do this yourselves, by entering a number in:

• Setup ⇒ Users ⇒ Security ⇒ Usernames and Passwords: Two Factor Authentication

From the Jan 2026 update, this field can no longer be blank. If blank, it will automatically be reset to 90 days.