Throughout the Summer and Fall of 2021 the Wheaton IT Department will be rolling out a technology called “two-factor authentication” within Google. You may know it by other names like “2FA”, “two-step verification”, or “multi-factor authentication (MFA)”.
On this page
- What is two-factor authentication?
- Why are we implementing two-factor authentication?
- How often will I need to use two-factor authentication?
- What’s the timeline for this change?
- What two-factor authentication method should I use?
- What if I use an email application like Thunderbird or Outlook?
- Steps for enabling two-factor Authentication
- What are my support options when setting up two-factor authentication?
What is two-factor authentication?
Two-factor authentication adds a second layer of protection during the login process. Currently your Google login is tied to “something you know” (your password). Two-factor authentication adds the second layer of “something you have” (typically your smartphone and absent that, a USB security key). You most likely already have experience using two-factor authentication with an online banking account so enabling it within Google hopefully will not be a new experience.
Why are we implementing two-factor authentication?
Times are changing and hackers are finding new and creative ways to acquire user passwords; they can buy lists of usernames and passwords on the dark web, they can use social engineering and email phishing tactics to steal passwords, they can use something called “dictionary attacks” as a brute force method to guess weak passwords. Adding a second form of verification dramatically decreases the likelihood of your password being compromised.
How often will I need to use two-factor authentication?
Google will not require two-factor authentication every time you log in. Once you authenticate and complete two-factor authentication on your phone or computer you will have the option to “remember this device”. From that point on Google will not prompt you to perform two-factor authentication on that device unless you clear your browser’s cache, change your password, or if Google suspects that your account has been breached.
What’s the timeline for this change?
We will be migrating people in batches starting this summer, you will receive an email with instructions when it is your group’s turn. You will be given an end date by which you will need to enable two-factor authentication. If you do not enable two-factor authentication by the date listed you will be locked out of your account and you will need to contact Wheaton’s IT department to regain access. You will be reminded to enable two-factor authentication during the grace period leading up to the end date listed in the email. An example reminder message will look like this …
If you have a smartphone and you are interested in enabling it now feel free, we encourage it! Directions for enabling two-factor authentication (or as Google calls it “2-Step Verification”) are below in the section labeled “Steps for enabling Two-factor Authentication.“
What two-factor authentication method should I use?
There are a couple different methods you can use to complete two-factor authentication. They are….
- Use a Google application configured on your phone (recommended)
- Use text messaging (the preferred backup method)
- If you do not own a smartphone, use a USB key that you plug into your computer
- Receive a voice call at a different telephone number (ex: your office landline)
- Print 10 pre-established backup codes
The Google application method mentioned above is called a “push” authentication. With push authentication you just have to bring up a Google app on your phone and acknowledge the two-factor request. On an iPhone we suggest you use the Gmail app or the Google Search app (both are free in the App Store, just log into either app with your Wheaton email address). On an Android you just need to be logged into email with your Wheaton address. It is important that you setup backup methods for completing two-factor authentication in the event that you do not have your phone. To setup backup methods once two-factor is enabled, go to https://myaccount.google.com/ and select “Security” on the left, click the right arrow next to “2-Step Verification”, enter your password, then follow the prompts in the section labeled “Available second steps”.
What if I use an email application like Thunderbird or Outlook?
We’ve created the following web page to help people who use email clients prepare for two-factor authentication.
Steps for enabling Two-factor Authentication
1. If you have an iPhone make sure that you have either the Gmail app or the Google Search app installed and that you are logged into the app using your email@example.com account. Either app can act as your second form of authentication as you try to log into Google. Here is a screenshot of both apps, they are available for free in the App Store. If you have an Android device you just need to make sure that the GMail app is configured to point to your firstname.lastname@example.org account.
2. In a web browser visit your Google settings page located here https://myaccount.google.com and select “Security” on the left.
3. In the center of the page scroll down to the section labeled “Ways we can verify it’s you” and make sure you have a recovery phone entered, if not add it now.
4. Also located on the “Security” page go to the section labeled “Signing in to Google” and click the right arrow next to “2-Step Verification”.
5. Select the “GET STARTED” button, you will then be prompted to enter in your Wheaton password.
6. It should show that your phone is already known to Google, select the “CONTINUE” button.
7. Google will then send you a test message through the app you configured on your phone (GMail or Google Search). You may have to open the app to complete the confirmation request. Select the “Yes” button.
8. You will then be asked to configure a backup method to complete two-factor authentication. Select the “Text message” option and click “SEND”
9. You will receive a text message from Google with a code, enter that code into the web site and click “NEXT”
10. Lastly, confirm that you want to enable 2-Step Verification by pressing the “TURN ON” button.
It will take you to the 2-Step Verification page. Here you can review your settings and optionally configure alternate methods to complete two-factor authentication.
What are my support options when setting up two-factor authentication?
- Place a trouble ticket inside the ITSS website located here http://support.wheatoncollege.edu. When creating a ticket, select “2-Factor Authentication (2FA)” -> “Google – 2-Factor Authentication”
- Send an email to the ITSS Support staff at email@example.com
- We will be hosting drop-in hours in key locations (to be determined)