Technology Help Desk

Preus Library
Main Level
700 College Dr
Decorah, IA 52101

Fall Hours

M-Th: 7:30 am – 9:00 pm
F: 7:30 am – 5:30 pm
Sa: 2:00 pm – 5:00 pm
Su: Noon – 9:00 pm

Thanksgiving Break Hours

(Nov. 27–Dec. 1)
Wednesday: 8:00 am – 3:00 pm
Thursday: Closed
Friday: Closed
Saturday: Closed
Sunday: 6:00 pm – 9:00 pm

Full Hours

helpdesk@luther.edu

Phone: 563-387-1000

2-Step Verification Guide

Are you a student or employee? You sign into your regular accounts a different way.

Office and Department accounts, legacy @alumni.luther.edu accounts, and some other types of Norse Apps (i.e. Google) accounts use Google’s standard login process which requires 2-Step Verification.

2-Step Verification is a required extra layer of security that protects these accounts by requiring more than just a password to sign in. We recommend that account holders turn this on the first time they sign in. If 2-Step Verification isn’t enabled within 2 weeks of the first log in, the account will be suspended.

Turning on 2-Step Verification

Note: Account holders should turn on 2-Step Verification the first time they sign in, or they’ll get locked out after 14 days.

 

Immediately after signing in to your new mail.luther.edu account, you’ll be prompted to turn on 2-Step Verification. Choose “Enroll Now.”

If you’ve already passed the prompt, use this link to start.

If you can’t log in at all, contact the Technology Help Desk

You’ll be prompted to send a setup code to a phone number or accept a prompt on another device. When successful, you’ll see an option to “Turn on”.

If you’re having trouble, You can find detailed instructions on Google’s support page.

You’ll end the setup process on a page where you can setup additional methods. Offices and departments should favor Keeper’s ability to store, populate, and securely share 2-Step Verification codes. Offices and departments should disfavor using text or call for 2-Step Verification, especially when it’s tied to an employee’s personal phone.

Common questions

2-Step Verification (a.k.a. Two-factor authentication or multi-factor authentication) is new to many people and adds some complexity to our digital lives—it’s ok to have questions. Here are the ones we get asked most often. Another great resource is Google’s Common issues with 2-Step Verification page. If your question still isn’t answered or you want to talk to a person, contact the Technology Help Desk.

Google 2-Step Verification is an extra layer of security for  Norse Apps accounts. It greatly reduces the likelihood that an account is compromised by a simple data breach or phishing attack. Specifically, 2-Step Verification is designed to stop a hacker who obtained the account  password by also requiring a thing that only you have, like your phone.

In practice, you’ll occasionally be prompted to verify your identity with a method you’ve already chosen, like typing a one-time code sent to your phone. You’ll be prompted every 30 days on your own devices and every time you use a new device, such as a Luther lab computer. You get to choose how you’d like to verify your identity.

Only a few Luther accounts use the default Google login process, which includes 2-Step Verification: Almost all of these accounts are office accounts, departmental accounts, or legacy @alumni.luther.edu accounts.

Students, employees, student organizations, and emeriti all begin the normal Google login process but are rerouted through our Microsoft SSO process which uses MFA, skipping the rest of Google’s default login process, including 2-Step Verification. Prior to June 2024, all accounts used Google’s default login process and were required to use 2-Step Verification beginning in 2018.

Offices and Departments should favor Keeper’s ability to store, populate, and securely share 2-Step Verification codes. Keeper is also a good place to store backup codes. Other authenticator apps (like the Google Authenticator) are good alternatives, but not when many people need to log into the account. Offices/Departments should disfavor using text or call, especially when it’s tied to an employee’s personal phone. The Google Prompt method is a poor choice because it is usually tied to a personal phone and will break every 6 months when the password is reset. 

On personal accounts, authenticator apps and security keys are the most secure, most resilient options. Personal account holders should also print a physical copy of their backup codes and keep it in a secure place. We recommend that you avoid using call or text in favor of other, more secure options. Personal accounts should avoid tying all their methods to a single device so that they aren’t locked out if the device fails or is lost.

Here’s a breakdown of the pros and cons for each method:

  • Authenticator app: Best widely-available option. More secure than text or phone. Available without wifi or cell signal. Great for travelers. Some authenticators, like Authenticator.cc, allow computers to generate codes, not just mobile devices. Not available at initial setup and breaks if device is wiped or replaced. If you’ve signed into your authenticator with your Norse Key, it will break when you reset your password.
  • Security Key: Most secure option. Not phone dependent. Requires additional purchase.
  • Printed backup codes: All account holders should set up this option. Great when all other methods fail. Not designed to be the primary or only authentication method.
  • Text/Call: The most commonly used method and available at initial setup. Still works if you change phones but keep your number. May fail if traveling abroad. Less secure than other options.
  • Google prompt: Poor option for most people because it breaks on  Norse Key password reset. Available at initial setup. Easy to set up and use. Doesn’t need cell signal.

Contact the Technology Help Desk. We can give you back-up codes to help you get back in.

The best option is to use Keeper—it can save the password and act as an authenticator app. Keeper records are secure, shareable, can auto fill records, and require less maintenance than other options. Keeper is available for all employees.

If the account is mostly used for email and Keeper isn’t a good fit (for example, if student workers check the email), then email delegation is a decent option because it allows users to view the account’s email from their personal gmail, without having to login to the office account. Only 25 delegates can be granted access to a given account.

Other authenticator apps (like the Google Authenticator) are good alternatives, but not when many people need to log into the account. Offices and departments should disfavor using text or call, especially when it’s tied to an employee’s personal phone. The Google Prompt method is a poor choice because it is usually tied to a personal phone and will break every 6 months when the password is reset. 

Password resets sign out anything that is currently signed in with that account—In this instance, that means the Google Prompt option always breaks when you change your Norse Key and the Google Authenticator will fail if you’ve chosen to sign-in to the app with your Norse Key. For this reason, we don’t recommend the Google Prompt unless you have a readily available fallback method and we recommend using the Google Authenticator only when not signed-in.

There are numerous options for 2-Step Verification usage overseas. Options include: Authenticator App on a computer, tablet, or phone; Security keys; landline or local cellphone in the country in which you’ll be residing; and backup codes.

No. You can use a security key, printed backup codes, or an authenticator app for computer, tablet, etc. You can set up 2-Step Verification from any mobile device or any phone line, including land lines.

Technology Help Desk

Preus Library
Main Level
700 College Dr
Decorah, IA 52101

Fall Hours

M-Th: 7:30 am – 9:00 pm
F: 7:30 am – 5:30 pm
Sa: 2:00 pm – 5:00 pm
Su: Noon – 9:00 pm

Thanksgiving Break Hours

(Nov. 27–Dec. 1)
Wednesday: 8:00 am – 3:00 pm
Thursday: Closed
Friday: Closed
Saturday: Closed
Sunday: 6:00 pm – 9:00 pm

Full Hours

helpdesk@luther.edu

Phone: 563-387-1000