• Created by Unknown User (arichard), last updated by Unknown User (gdams) on Apr 13, 2022 4 minute read

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 32 Next »

Overview

Using two-factor authentication (2FA) is widely considered a best practice.  Although the advantages to using 2FA outweigh the disadvantages, you should still consider the disadvantages to using 2FA and take proactive steps to mitigate them. 

The main disadvantage to using 2FA is you won't be able to access your Gmail account, if you don't have access to your 2FA method (such as your phone).  And sometimes, your 2FA may get automatically disabled after you get a new smartphone, or after you change your password.

To alleviate any concerns about this disadvantage, we strongly suggest that you consider setting up backup 2FA options for your Google account.

Instructions

Step 1

Go to Gmail.com and log in to your UWF Gmail account.

Step 2

Go to Google's 2-Step Verification Enrollment page.

Step 3

You should see your options for 2FA.  The more commonly used 2FA options are

  • Authenticator app
    • UWF employees are required to use the Duo mobile app to secure other key UWF services. These employees can use Duo's rolling code feature to secure their Gmail accounts too, instead of using Google's Authenticator app.  Visit Duo's Third-Party Accounts help article to learn more.
  • Voice or text message
  • Google prompts
  • Backup codes (ALWAYS RECOMMENDED)
    • If you choose this option, then ensure that you also download your backup codes and store them in a safe and secure place.

Ensure that you have at least two of these options enabled. This way, if your default 2FA option is unavailable/not working, then you can use your backup 2FA option.

Going forward

For example, let's say you have the Authenticator app configured as your default 2FA option, and Voice or text message as your backup 2FA option.  When you visit 2-Step Verification for your Gmail account, it'll look something like this:

multiple 2fa enabled for account

Now let's say you got a new smartphone, and you're trying to log in to Gmail.  The Authenticator app likely won't work for you at first (because this app is configured per device).  But since you also configured Voice or text message as your backup 2FA option, and assuming your phone number stayed the same, then all you would have to do is 

1. Click Try another way.

option for trying another way

2. Click Get a verification code at (•••) •••-••••.

option for getting texted a verification code

3. Type in the 6-digit verification code that Google texted to your phone, then click Next.

field for verification code, and next button

4. You're now logged in!

If you actually encounter this scenario, then after you get logged in, you should review your 2FA options and add any additional options you think are necessary.

Keep in mind that you can always contact the ITS Help Desk if you get locked out of your university email account.

What options are available to employees who do not wish to use a personal device for authentication?

There are multiple ways to secure your account without having to use a personal device. However, each option comes with pros and cons.

With the exception of using a Security Key, a default 2FA method (phone number or security key) MUST be added. If you do not wish to use a personal cellphone, we recommend setting up your office phone as your default option before setting up the following methods. 


  • Department will need to purchase a security key based on how the key will be used.

      • Security Key NFC by Yubico - Sufficient for individuals who will be using the security key with their UWF Gmail accounts ONLY.
      • YubiKey 5 - For individuals who will use the security key with BOTH their UWF Gmail accounts, and services protected by Duo (such as Banner, remoting into a UWF on-campus computer, and UWF VPN). 
  • Security Key can be kept on your person if traveling.
  • Can be used on most computer and mobile devices.
  • If the Security Key is unavailable, you will not be able to access the account unless an additional 2FA method (e.g., Office Phone, Backup Codes) was enabled.
  • Simple to setup.
  • You will receive a phone call with a code when prompted by Google. 
  • Cannot be used if you do not have access to your office phone.
  • A default 2FA (phone, push notification, security key) must be setup with the account in order to use backup codes.
  • Can be printed off and taken with you if traveling.
  • Codes can only be used once before a new code needs to be used. 
  • Only 10 codes can be active at one time. 
  • Backup codes can be lost if not properly stored. 
  • A default 2FA (phone, push notification, security key) must be setup with the account.
  • Can be kept within the department when access is needed.
  • Additional setup with Google Authenticator mobile app is required.


Additional documentation

On this page

  • No labels