2-Step Verification Guide
Norse Apps is so central that it needs to be well protected — for your benefit and for the community at large. Aside from a good password, you'll also need to turn on Google 2-Step Verification.
2-Step Verification is a required extra layer of security on all Luther Norse Apps accounts. All Luther email accounts must have Google 2-Step Verification enabled. 2-Step Verification protects your account by requiring more than just your password to sign in to your account. We recommend that you turn this on the first time you sign in. After your first login you have a two week grace period to set up 2-Step Verification on your email account. If you don’t enable 2-Step Verification in time, your account will be suspended and you will need to contact the Technology Help Desk.
Turning on 2-Step Verification
Do this the first time you sign in, or you’ll get locked out after 14 days.
Immediately after signing in to your new mail.luther.edu account, you’ll be prompted to turn on 2-Step Verification. Choose “Enroll Now.”
If you’ve already passed the prompt, use this link to start.
If you can’t log in at all, contact the Technology Help Desk
You’ll be prompted to send a setup code to a phone number or accept a prompt on another device. When successful, you’ll see an option to “Turn on”.
If you’re having trouble, You can find detailed instructions on Google’s support page.
You’ll end the setup process on a page where you can setup additional methods. We recommend that you turn on as many methods as possible. Everyone should print out a set of backup codes. The authenticator is also a great additional method.
2-Step Verification (a.k.a. Two-factor authentication) is new to many people and adds some complexity to our digital lives—it’s ok to have questions. Here are the ones we get asked most often. Another great resource is Google’s Common issues with 2-Step Verification page. If your question still isn’t answered or you want to talk to a person, contact the Technology Help Desk.
Google 2-Step Verification is an extra layer of security for your Norse Apps account. It greatly reduces the likelihood that your account is compromised by a simple data breach or phishing attack. Specifically, 2-Step Verification is designed to stop a hacker who obtained your password by also requiring a thing that only you have , like your phone. In practice, you’ll occasionally be prompted to verify your identity with a method you’ve already chosen, like typing a one-time code sent to your phone. You’ll be prompted every 30 days on your own devices and every time you use a new device, such as a Luther lab computer. You get to choose how you’d like to verify your identity.
There are many different 2-Step Verification methods available and you should choose at least two. Most people use their cell phone as their primary method, either by receiving a text, a phone call, or using an app. Everyone should also set up a method that doesn’t depend on their cell phone, like backup-codes, a USB security key, calls to a landline, or an authentication app on another device. Many of those secondary methods also work well for travelers and people without United States phone numbers or poor reception. Here’s a breakdown of the pros and cons for each method:
- Text message : The most common method and available at initial setup. Still works if you change phones but keep your number. May fail if traveling abroad.
- Phone call: Great for office phones and people without cell phones or poor cell reception. Landlines are also good secondary methods in the event that you can’t use any of the other cell-dependent methods.
- Printed backup codes : All users should set up this option. Great when all other methods fail. Not designed to be the primary or only authentication method.
- Authentication app: More secure than text. Available without wifi or cell signal. Great for travelers. Apps like Authy allow computers to generate codes, not just mobile devices. Not available at initial setup and breaks if device is wiped or replaced.
- Google prompt: Available at initial setup. Easy to set up and use. Doesn’t need cell signal. Breaks if password reset.
- USB Token : Most secure option. Not phone dependent. Requires additional purchase.
No. You can use a USB token, printed backup codes, or an authenticator app for computer, tablet, etc. You can set up 2-Step Verification from any mobile device or any phone line, including land lines. For faculty and staff without access to a mobile device, start with your office phone.
Contact the Technology Help Desk. We can give you back-up codes to help you get back in.
The Google Prompt option will fail when you change your password because it delivers codes through Google apps to which you’re signed in—When you change your password, you get signed out of all your Google apps, so codes aren’t delivered. This is the only authentication with that problem, so simply having any other backup option will help you avoid this situation.
There are numerous options for 2-Step Verification usage overseas. Options include: Authenticator App on a computer, tablet, or phone; USB security keys; landline or local cellphone in the country in which you’ll be residing; and backup codes.
Yes and no. When logging on to a lab, classroom, or podium computer you do not need a verification code. However, if you want to use Norse Apps (email, docs, etc) from a lab, classroom, or podium computer then, yes, you will need a verification code. Since lab, classroom, and podium computers are public computers and do not by design remember who you are, you will need a code each time you access your Norse Apps from one of these computers.
Option1: Have one person in the group be the keeper of the two factor credentials for the shared account and maintain who can access it. That person would set up the other people who are allowed to check the shared account as email delegates (Settings > Accounts and Import > Grant Access to Another Account). Then they could access the shared account from a menu within their own account and wouldn’t have to authenticate to the shared account separately. Note there is a limit of 25 delegates for an account.
Option 2: Enable Google 2-Step Verification as you would with a regular account, ensuring everyone that needs to use the shared email account has a method of getting the verification codes. Set up the verification with the office phone and/or cell phone of everyone that checks the shared account.
Option 3: Some departments are choosing a hybrid approach, using Option 1 for staff and Option 2 for their student workers.