WNESU requires two-factor authentication on all employee Google Workspace accounts. Two-factor authentication, also known as multi-factor authentication (MFA), 2FA, or two-step verification, is when a user is required to provide two or more pieces of evidence to verify their identity before gaining access to their account. This added layer of security will help protect our systems against phishing and hacking attempts and enhance our secure environment where we collaborate and store information.
Prefer a step-by-step guide? Google has documentation that can walk you through the process. You could also schedule some time with us to help you set up your two-factor authentication. Please contact us via our helpdesk to set up a meeting.
What is two-factor authentication and why are we doing this?
Two-factor authentication adds a second layer of protection during the login process. Currently, your Google login is tied to “something you know” (your password). Two-factor authentication adds the second layer of “something you have” (typically your smartphone and absent that, printed backup codes or a USB security key). You most likely already have experience using two-factor authentication with online banking so enabling it within Google likely will not be a new experience.
Two-factor authentication is the most basic, simple level of protection we can immediately add to our Google Workspace accounts. When an account password is compromised, this level of protection prevents bad actors from moving forward and accessing our sensitive emails and data. Multi-factor authentication has become the industry standard for accessing sensitive accounts.
How often will I need to use two-factor authentication?
Google will not require two-factor authentication every time you log in. Once you authenticate and complete two-factor authentication on your phone or computer you will have the option to “remember this device”. From that point on Google will not prompt you to perform two-factor authentication on that device unless you clear your browser’s cache, change your password, if Google suspects that your account has been breached, or after approximately 30 days.
What options do I have for setting up two-factor authentication?
Google Workspace supports multiple methods to deploy two-factor authentication. You may set up any of these:
- Google prompt, text message, or phone call:
- Prompt: You can set up your personal device to display a prompt when signing into your account. This typically requires you to be signed into a Google app (an example would be the Gmail app or the Google Smart Lock App) on your device, which would help facilitate the prompt and allow you into your account.
- Text Message: You can receive a text message code that will be used during your sign-in process.
- Phone Call: Google can call you with a code that would be used during your sign-in process. You could set this up with your desk phone or classroom phone, but keep in mind that this would limit your ability to sign in when you are away from that phone. This is not a preferred option.
- Backup Codes:
- You can print a sheet of one-time-use backup codes to access your account. You must keep this sheet confidential and secure. This is not a preferred option.
- Google / Other Authenticator App:
- You can download a modern Authenticator app (Examples would be Google Authenticator, Microsoft Authenticator, or Duo) onto your personal device and use that as a source for sign-in codes. Typically, these codes refresh at a set interval within the app and must be retrieved every time.
- Security Keys:
- You may bring your own security key to configure as a secondary authentication source to your account. Typically, these devices either plug in by USB, connect by Bluetooth, or use other various technologies to supply a secondary authentication source while you are logging in.
What if I don't want to enter my personal number or use my personal device to authenticate?
We may provide security keys on a first-come, first-serve basis. There is a cost of approximately $30.00 for lost, stolen, or unreturned keys.
You can register interest in a security key here: https://wnesu.jotform.com/230404003461034
What if i've lost access to my personal device or backup codes?
You may contact our helpdesk via phone, ticket, or email and we will help you restore access to your account. You will be asked to verify your information before we give you a one-time code.