2-Factor Authentication

IS has announced the Dec 4 deadline for turning on Google 2-Factor authentication on WFU Google accounts. You have to go through an initial setup process (see the FAQ IS has created) to tell google how you want to authenticate.

Please don’t wait until the last minute. Go ahead, set it up, get started, and get used to the extra steps now instead of waiting until the busy end of the semester.

Two Factor authentication requires the use of something you know (your password) along with something you physically have (a phone, a physical key, or a piece of paper) to gain access to your WFU Google account. After you log in and provide your password, you are asked to provide the authentication (most often that means providing a generated 6 digit code). There are multiple ways to do the authentication.

Most people use their cell phones as their primary authentication tool. On the phone you can get the code in a number of ways: 

  • Google Authenticator app (setup instructions)
    Can also be used with two factor authentication with other online services like Dropbox, Facebook, Banking sites, etc.
  • Google Prompt (setup instructions)
    Great, but it requires a supported device – doesn’t necessarily work with older devices that can’t install the latest version of Google Play services
  • Code sent in a text or voice call to the registered phone number¬†

If you chose to use your cell phone as your primary authentication device, please be aware of a couple of issues:

  • Sometimes you may be in an area without service. In that case you can’t get a text or get the google prompt. The Authenticator app does work without service.
  • If your phone is dead or you don’t have it, then you can’t authenticate.

If using a cell phone isn’t feasable, there are some alternative methods that can be set up, provided that you plan ahead.

  • Backup codes
    Google lets you generate and print 10 single use backup codes. Print them out and stick them in your wallet or some other safe place. After you use 8 or 9 of them, generate the next set up codes.
  • Security key
    You can purchase a U2F USB security key starting from ~$10 and up. Chrome browser natively supports the use of security keys. Other browsers may or may not support it.
  • Voice call to your office or other landline – the voice call can go to a landline as well as a cell phone. You can register multiple numbers for calls.

Remember, you can mix-n-match methods. Personally, I’ve set up a security key that lives on my keyring as my primary. As my backup, I’ve set up the Google Authenticator app on my cell phone. I’ve also got the backup codes printed and stuck in my wallet. Finally, I have both my cell number and my office number registered.

Note: you will often see a box on the authentication prompt that says remember this computer for 30 days. It sounds great and works pretty well, most of the time. What you need to remember is that is cookie based and browser specific, even though it says “computer”. Cookies are per browser. So if you tell it to remember you for 30 days in Chrome, you will still have to authenticate if you try to access in Firefox or another browser. That also means if your browser clears your cache on closing or doesn’t accept cookies, the checking that box will not work as you expect.

If you are ready to turn 2-Factor on: Get Started Here

Comments are closed