why are we implementing 2-step verification?

Times are changing and hackers are finding new and creative ways to acquire user passwords; they can buy lists of usernames and passwords on the dark web, they can use social engineering and email phishing tactics to steal passwords, they can use something called “dictionary attacks” as a brute force method to guess weak passwords. Adding a second form of verification dramatically decreases the likelihood of your password being compromised.

In addition to these persistent dangers, our cybersecurity insurance policy requires that our email accounts be protected with 2-step verification. This extra measure will help protect our University community from outside attacks.

WHAT IS 2-step verification?

2-step verification adds a second layer of protection during the login process. Currently your Google login is tied to “something you know” (your password). Two-factor authentication adds the second layer of “something you have” (typically your smartphone and absent that, printed backup codes). You most likely already have experience using 2-step verification with your other online accounts, so enabling it within Google hopefully will not be a new experience.

We recommend that, after you setup this verification process on your University account, you implement this same process for your other personal accounts as well (banking, credit cards, medical portals...etc.)

how often will I need to use two-step verification?

Google will not require 2-step verification every time you log in. Once you authenticate and complete 2-step verification on your phone or computer you will have the option to “remember this device”. From that point on Google will not prompt you to perform 2-step verification on that device unless you clear your browser’s cache, change your password, or if Google suspects that your account has been breached.

which method should I use?

From the main page, you will see three 2-step verification options available for you to choose. The University recommends that you use the Google Authenticator App as a convenient method for this extra layer of security. Using this app does require a smartphone or mobile device, but it does not require that your phone retain a data or WiFi signal (after the initial setup process). Once your setup is complete, your authenticator codes are stored on your phone and automatically refreshed indefinitely (i.e.: until you get a new phone or setup the app on a different device).

where can I get help?

If you have any difficulties setting up 2-Step Verification on your account, we recommend that you contact our IT Helpdesk by phone or email: