All Luther email accounts require Google 2-Step Verification. This page contains answers to common questions pertaining to Google 2-Step Verification.
NOTE: It is important to think about the different scenarios in which you might want to access your Norse Apps account, and ensure that you’ve set up enough alternative steps to handle each scenario.
1. What information was provided in the all-campus message?
The all-campus message is on the ITS Blog at Policy change to improve security of Luther email.
2. Is there a step-by-step guide for enabling Google 2-Step Verification?
Yes, the following guides are available for use:
- Google 2-Step Verification Step-by-Step (Cellphone)
- Google 2-Step Verification Step-by-Step (non-Cellphone)
3.What is Google 2-Step Verification all about?
When you enable 2-Step Verification (also known as two-factor authentication), you add an extra layer of security to your account. You sign in with something you know (your password) and something you have (a code sent to your phone). With this enabled, even if a hacker obtains your password, they won’t be able to access your account because they won’t have the second piece of information necessary to login. For more information, see Google 2-Step Verification.
4. After I set up 2-Step verification the Apple mail client on my iPhone (or other POP3/IMAP Client) can no longer receive mail.
Set up an app specific password to use for the IMAP or POP3 client. This is a one-time setup.
5. 2-Step Verification sounds great. How can I turn it on for other services I might be using?
The site https://www.turnon2fa.com/ lists many third party services, whether they support two factor authentication, and how to turn it on. The National Cyber Security Alliance and Anti-Phishing Working Groups of the U.S. Department of Homeland Security has additional resources about 2 Factor Authentication here: https://www.lockdownyourlogin.com/
6. How do I set up 2-Step for shared accounts such as student organization accounts or departmental accounts?
Option1: Have one person in the group be the keeper of the two factor credentials for the shared account and maintain who can access it. That person would set up the other people who are allowed to check the shared account as email delegates (Settings > Accounts and Import > Grant Access to Another Account). Then they could access the shared account from a menu within their own account and wouldn't have to authenticate to the shared account separately. Note there is a limit of 25 delegates for an account.
Option 2: Enable Google 2-Step Verification as you would with a regular account, ensuring everyone that needs to use the shared email account has a method of getting the verification codes. Set up the verification with the office phone and/or cell phone of everyone that checks the shared account.
Option 3: Some departments are choosing a hybrid approach, using Option 1 for staff and Option 2 for their student workers.
7. For what other services would you recommend using two-factor?
Services like email and password managers that control or can release access to another service. Services with sensitive or financial information. Things that have stored Credit Cards that can be used for purchases.
8. Why is it critical that the time be correct on my device that’s running the Google Authenticator program to generate tokens?
The 2-Step verification tokens change every minute. If the time is off by more than a minute your tokens will be guaranteed to be wrong. If the time off by less than a minute the codes will be wrong for some portion of each minute. On a cell phone it’s recommended that you set your phone to synchronize its time with the cellular network. On a computer it’s recommended that you synchronize your computer’s time with a network time server (ntp server)
9. Where can I get the Google Authenticator program to run on my phone or computer?
- Android: Search for Google Authenticator in the Play Store
- iOS: Search for Google Authenticator in the App Store
- Use a 3rd party alternative for Firefox like Authenticator
- Use a 3rd party alternative for Chrome like Authenticator
10. I'll be traveling abroad. What do I need to do?
There are numerous options for 2-Step Verification usage overseas. Options include: Authenticator App on an Android, Phone, or computer; landline or local cellphone in the country in which you'll be residing; and/or backup codes. Contact the Technology Help Desk in advance of your departure determine the best setup for your situation.
11. Is the cell phone setup tied to my cell phone number or to the device itself?
The text and phone call options are tied to the cell phone number and not to the device. Therefore, when replacing a cell phone, those two options will continue to work. If either the Authenticator or Google app were installed on the prior device, they would need to be set up again on the new cell phone.
12. How many methods should I set up?
As many as you can. There will be a day where your phone isn’t charged or you forgot your USB token. Make sure you have a few backup options.
13. Do I need 2-Step Verification when I use Lab/Classroom/Podium computers?
Yes and no. When logging on to a lab, classroom, or podium computer you do not need a verification code. However, if you want to use Norse Apps (email, docs, etc) from a lab, classroom, or podium computer then, yes, you will need a verification code. Since lab, classroom, and podium computers are public computers and do not by design remember who you are, you will need a code each time you access your Norse Apps from one of these computers.
14. I don't have a cell phone. How do I set up 2-Step Verification?
You can setup 2-Step Verification from any mobile device or any phone line, including land lines. For students without access to a mobile device or a land line, you can request a phone for your room. For faculty and staff without access to a mobile device, start with your office phone.
15. Do I need to save my code?
No, codes can only be used once.
16. Why does my authentication method fail when I change my password
The Google Prompt option will fail when you change your password because it delivers codes through Google apps to which you're signed in—When you change your password, you get signed out of all your Google apps, so codes aren't delivered. This is the only authentication with that problem, so simply having any other backup option will help you avoid this situation.
17. My question is not on this page. What do I do?
Google has a page listing common issues and resolutions. See Common issues with 2-Step Verification. If your question is still not answered, contact the Technology Help Desk.