Versions Compared

Old Version 22

changes.mady.by.user Unknown User (arichard)

Saved on

compared with

New Version Current

changes.mady.by.user Matt Smith

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

Excerpt

Using two-factor authentication (2FA) is widely considered a best practice.  Although the advantages to using 2FA outweigh the disadvantages, you should still consider the disadvantages to using 2FA and take proactive steps to mitigate them. 

The main disadvantage to using 2FA is you won't be able to access your Gmail account, if you don't have access to your 2FA method (such as your phone).  And sometimes, your 2FA may get automatically disabled after you get a new smartphone, or after you change your password.

To alleviate any concerns about this disadvantage, we strongly suggest that you consider setting up backup 2FA options for your Google account.

Instructions

Step 1

Visit Google 2-Step Verification.

Step 2

  • Click Get Started at the top right of the window.
  • Click Get Started at the bottom left.
  • Log in to your UWF Gmail account, if you're prompted to do so.
TipThe items in this step may be in a different order for different users.  Google may even have some users skip some of these items too.

a requirement for UWF Gmail accounts. To avoid losing access to your account, we recommend establishing multiple methods of verification. 

Instructions

Step 1

Go to Gmail.com and log in to your UWF Gmail account

Note: If you're already logged into a personal Gmail account, logout and login with your UWF email account.

Step 2

Go to Google's 2-Step Verification Enrollment page. 

Click your avatar at the top right and confirm that your UWF Gmail address is shown:

Google Account icon, Gmail addressImage Added

Step 3

You should see your options for 2FA.  The more commonly used 2FA options are

  • Authenticator app
    • UWF employees are required to use the Duo mobile app to secure other key UWF services. These employees can use Duo's rolling code feature can also be used to secure their Gmail accounts too, instead of using Google's Authenticator app.  Visit Duo's Third-Party Accounts help article to learn more.
  • Voice or text message
  • Google prompts
  • Backup codes (ALWAYS RECOMMENDED)
    • If you choose this option, then ensure that you also download your backup codes and store them in a safe and secure place.

Ensure that you have at least two of these options enabled. This way, if your default 2FA option is unavailable/not working, then you can use your backup 2FA option.

Going forward

For example, let's say you have the Authenticator app configured as your default 2FA option, and Voice or text message as your backup 2FA option.  When you visit 2-Step Verification for your Gmail account, it'll look something like this:

multiple 2fa enabled for account

Now let's say you got a new smartphone, and you're trying to log in to Gmail.  The Authenticator app likely won't work for you at first (because this app is configured per device).  But since you also configured Voice or text message as your backup 2FA option, and assuming your phone number stayed the same, then all you would have to do is 

1. Click Try another way.
option for trying another wayImage Removed
Two-Factor PromptImage Added

2. Click Get a verification code at (•••) •••-••••.
option for getting texted a verification codeImage Removed
Phone PromptImage Added

3. Type in the 6-digit verification code that Google texted to your phone, then click Next.
field for verification code, and next buttonImage Removed
Place to enter the codeImage Added

4. You're now logged in!

If you actually encounter this scenario, then after you get logged in, you should review your 2FA options and add any additional options you think are necessary.

Keep in mind that you can always contact the ITS Help Desk if you get locked out of your university email account.

What options are available to those who do not wish to use a personal device for authentication?

There are multiple ways to secure your account .

Additional documentation

without having to use a personal device. However, each option comes with pros and cons.

With the exception of using a Security Key, a default 2FA method (phone number or security key) MUST be added. If you do not wish to use a personal cellphone, we recommend setting up your office phone as your default option before setting up the following methods. 


Expand
titleSecurity Key

  • Department will need to purchase a security key based on how the key will be used.

    Expand
    titleTested Security Keys
      • Security Key NFC by Yubico - Sufficient for individuals who will be using the security key with their UWF Gmail accounts ONLY.
      • YubiKey 5 - For individuals who will use the security key with BOTH their UWF Gmail accounts, and services protected by Duo (such as Banner, remoting into a UWF on-campus computer, and UWF VPN). 


  • Security Key can be kept on your person if traveling.
  • Can be used on most computer and mobile devices.
  • If the Security Key is unavailable, you will not be able to access the account unless an additional 2FA method (e.g., Office Phone, Backup Codes) was enabled.


Expand
titleOffice Phone
  • Simple to setup.
  • You will receive a phone call with a code when prompted by Google. 
  • Cannot be used if you do not have access to your office phone.


Expand
titleBackup Codes
  • A default 2FA (phone, push notification, security key) must be setup with the account in order to use backup codes.
  • Can be printed off and taken with you if traveling.
  • Codes can only be used once before a new code needs to be used. 
  • Only 10 codes can be active at one time. 
  • Backup codes can be lost if not properly stored. 


Expand
titleGoogle Authenticator on Departmental Tablet (employees)
  • A default 2FA (phone, push notification, security key) must be setup with the account.
  • Can be kept within the department when access is needed.
  • Additional setup with Google Authenticator mobile app is required.


Do I have to authenticate with 2-Step Verification every time I login to Gmail or a Google service?

If you're using a computer or device you trust, you can select "Don't ask again on this device". After selecting this setting and signing in, you will no longer be asked to authenticate using a 2nd factor on that device while using the same browser unless your cookies or web cache are cleared. Never select this option while using a shared or public computer. With this setting enabled, it's easy to forget that you have 2-Step Verification enabled.  Keep in mind that you'll be prompted for verification when signing into a different device. It's highly recommended to save backup codes for emergencies and establish multiple authentication factors (SMS, App push, authenticator app, back-up codes).

Additional documentation


Panel
titleOn this page

Table of Contents
outlinetrue
indent20px
stylenone
printablefalse