Google 2-Step Verification FAQ

The College has established a new policy in which all Luther email accounts will require Google 2-Step Verification. Faculty and staff must enable Google 2-Step Verification prior to Dec. 1, 2016 for all Luther email accounts in order to continue to successfully sign in. Students and Student Organizations must enable Google 2-Step Verification prior to Feb. 1, 2017 for their Luther email account. Alumni must enable Google 2-Step Verification by March 1, 2017. This page contains answers to common questions pertaining to Google 2-Step Verification.

NOTE: It is important to think about the different scenarios in which you might want to access your Norse Apps account, and ensure that you’ve set up enough alternative steps to handle each scenario.

1. What information was provided in the all-campus message?
The all-campus message is on the ITS Blog at Policy change to improve security of Luther email.

2. Is there a step-by-step guide for enabling Google 2-Step Verification?
Yes, the following guides are available for use:
- Google 2-Step Verification Step-by-Step (Cellphone)
- Google 2-Step Verification Step-by-Step (non-Cellphone)

3. What is Google 2-Step Verification all about?
When you enable 2-Step Verification (also known as two-factor authentication), you add an extra layer of security to your account. You sign in with something you know (your password) and something you have (a code sent to your phone). With this enabled, even if a hacker obtains your password, they won’t be able to access your account because they won’t have the second piece of information necessary to login. For more information, see Google 2-Step Verification.

4. After I set up 2-Step verification the Apple mail client on my iPhone (or other POP3/IMAP Client) can no longer receive mail.
Set up an app specific password to use for the IMAP or POP3 client. This is a one-time setup.

5. 2-Step Verification sounds great. How can I turn it on for other services I might be using?
The site
https://www.turnon2fa.com/ lists many third party services, whether they support two factor authentication, and how to turn it on. The National Cyber Security Alliance and Anti-Phishing Working Groups of the U.S. Department of Homeland Security has additional resources about 2 Factor Authentication here: https://www.lockdownyourlogin.com/

6. How do I set up 2-Step for shared accounts such as student organization accounts or departmental accounts?
Option1: Have one person in the group be the keeper of the two factor credentials for the shared account and maintain who can access it.  That person would set up the other people who are allowed to check the shared account as email delegates (Settings > Accounts and Import > Grant Access to Another Account).  Then they could access the shared account from a menu within their own account and wouldn't have to authenticate to the shared account separately. Note there is a limit of 25 delegates for an account.

Option 2: Enable Google 2-Step Verification as you would with a regular account, ensuring everyone that needs to use the shared email account has a method of getting the verification codes. Set up the verification with the office phone and/or cell phone of everyone that checks the shared account.

Option 3: Some departments are choosing a hybrid approach, using Option 1 for staff and Option 2 for their student workers.

7. For what other services would you recommend using two-factor?
Services like email and password managers that control or can release access to another service. Services with sensitive or financial information. Things that have stored Credit Cards that can be used for purchases.

8. Why is it critical that the time be correct on my device that’s running the Google Authenticator program to generate tokens?
The 2-Step verification tokens change every minute.  If the time is off by more than a minute your tokens will be guaranteed to be wrong.  If the time off by less than a minute the codes will be wrong for some portion of each minute. On a cell phone it’s recommended that you set your phone to synchronize its time with the cellular network.  On a computer it’s recommended that you synchronize your computer’s time with a network time server (ntp server)

9. Where can I get the Google Authenticator program to run on my phone or computer?
- Android: Search for Google Authenticator in the Play Store

- iOS: Search for Google Authenticator in the App Store
- Windows: Download the program WinAuth from https://winauth.com/
- As a Web Browser Plugin for Firefox: https://marketplace.mozilla.org/app/gauth/
- As a Web Browser Plugin for Chrome: https://chrome.google.com/webstore/detail/gauth-authenticator/ilgcnhelpchnceeipipijaljkblbcobl?hl=en

10. I'll be traveling abroad. What do I need to do?
There are numerous options for 2-Step Verification usage overseas. Options include: Authenticator App on an Android, Phone, or computer; landline or local cellphone in the country in which you'll be residing; and/or backup codes. Contact the Technology Help Desk in advance of your departure determine the best setup for your situation.

11. Is the cell phone setup tied to my cell phone number or to the device itself?
The text and phone call options are tied to the cell phone number and not to the device. Therefore, when replacing a cell phone, those two options will continue to work. If either the Authenticator or Google app were installed on the prior device, they would need to be set up again on the new cell phone.

12. How many methods should I set up?
Consider all the locations and devices from which you check your Norse Apps account and ensure you have a method set up for each. You may enter multiple phone numbers and you may change the information as appropriate.

13. Do I need 2-Step Verification when I use Lab/Classroom/Podium computers?
Yes and no. When logging on to a lab, classroom, or podium computer you do not need a verification code. However, if you want to use Norse Apps (email, docs, etc) from a lab, classroom, or podium computer then, yes, you will need a verification code. Since lab, classroom, and podium computers are public computers and do not by design remember who you are, you will need a code each time you access your Norse Apps from one of these computers.

14. I don't have a cell phone. How do I set up 2-Step Verification?
Set up 2-Step Verification from your office or your home. When setting it up, you do need to be by a phone though it doesn't have to be a cell phone. Start by setting it up in your office using your office phone and then enter additional phone numbers based on where you check your email. There are also non-phone options that may be set up. Take a look at step-by-step guides in question 2 above.

15. My question is not on this page. What do I do?
Google has a page listing common issues and resolutions. See Common issues with 2-Step Verification. If your question is still not answered, contact the Technology Help Desk.