2-Step Verification Basics
Why should I set up 2-Step Verification?
You should set up 2-step verification because doing so makes it very hard for anyone to take over your email account remotely. Without setting up 2-step verification, hackers could get into your account if they figured out your password. With 2-step verification enabled, they would need the password and physical control of your phone, your wallet or purse, or your actual computer. Here's why this matters: In most cases you would have no way of knowing whether someone somewhere else in the world had cracked your password and was rummaging through your account. This lets you know.
How do I turn on 2-Step Verification?
When you enable 2-Step Verification (also known as two-factor authentication), you add an extra layer of security to your account. You sign in with something you know (your password) and something you have (like a code sent to your phone).
To set up 2-Step Verification:
- Go to the 2-Step Verification page. You will be prompted to sign in to your WFU Google Account.
- Click Get started. (Have a phone nearby.)
- Follow the quick step-by-step setup process.
Once you're finished, you'll be taken to the 2-Step Verification settings page. Review your settings and add backup phone numbers. The next time you sign in, you'll receive a message with a verification code. You also have the option of using a Security Key for 2-Step Verification or a variety of other alternative second steps. We recommend you choose at least one alternative option.
How do I sign in with 2-Step Verification?
Signing in with 2-Step Verification is easy.
- Go to the sign-in page of your mail or any other Wake Forest application that employs Google Single Sign-On, and enter your username and password like you normally do.
- Every 30 days or every time you try logging into your WFU Google Mail or any Google Single Sign On service on a new device, you’ll be asked for a six-digit code, which you'll get from your phone. If you want, when you enter your code, you can choose to trust your computer -- this means you won't be asked for a code again when you sign in from this computer. If you sign in from another computer, however, you’ll be asked for a code.
- After you turn on 2-Step Verification, non-browser applications and devices that use your Google Account (such as Outlook), may be unable to connect to your account. However, in a few steps, you can generate a special password called application-specific password to allow this application to connect to your account -- and don't worry, you'll only have to do this once for each device or application.
What if I don’t want to use my phone?
Don’t want to use your phone? No problem. You’ll need a phone to set up 2-Step Verification at first, but you can then immediately change your second step. Here are some alternatives:
- Sign in faster with 2-Step Verification phone prompts
- Sign in using App Passwords
- Sign in using backup codes
- Sign in with a backup phone
- Sign in with the free Google Authenticator app
- Sign in with a security key
What is a security key? How do I use it?
A security key (also called a fob, or USB key), is a Fido U2F certified, read-only device that looks like a USB flash drive. When plugged in to your USB drive, it will generate a code for you, instead of you entering a code manually. Any device that is Fido U2F certified can be used with Google 2-Step Verification. Click here for more information on the IS-preferred security key, YubiKey.
Are there limitations with security keys?
Yes, there are a few limitations to U2F security keys. They are:
- You must be using a device with a USB port, and the USB port must not be disabled (some kiosks and computer labs disable USB ports for security reasons).
- You must be using a supported browser.
- Google Chrome supports U2F natively.
- While Firefox does not natively support U2F, there are extensions that may add U2F functionality.
Can I use Google Voice to receive codes?
Using Google Voice is not recommended. If you use Google Voice to receive verification codes, you can easily create a situation where you’ve locked yourself out of your account. For example, if you are signed out of your Google Voice app, you might need a verification code to get back in. However, you won’t be able to receive this verification code because it will be sent to your Google Voice, which you can’t access.
What if my phone was lost or stolen?
If your phone was lost or stolen, we strongly recommend that you change your WFU Google Account password and revoke your App Passwords. This will help prevent others from accessing your WFU Google Account from your phone. Learn more here.
What if I get a new phone after I’ve set up Google 2-Step Verification?
No problem. Follow these instructions.
My Google Authenticator codes aren’t working (Android). What do I do?
This might be because the time on your Google Authenticator app is not synced correctly. To make sure that you have the correct time:
- Go to the main menu on the Google Authenticator app
- Tap More Settings
- Tap Time correction for codes
- Tap Sync Now
On the next screen, the app will confirm that the time has been synced, and you should now be able to use your verification codes to sign in. The sync will only affect the internal time of your Google Authenticator app, and will not change your device’s Date & Time settings.
I’m stuck and I need backup codes! Help!
If none of your 2-Step options are working, you can call the Information Systems Service Desk Monday through Friday, from 8am to 5pm at 336-758-4357, or email us at firstname.lastname@example.org, or visit us at The Bridge located on the main floor of the Z. Smith Reynolds Library, and we’ll provide you with a backup code. Please note, you will be required to answer security questions in order for us to provide you with this information.
What do I do if I’ve lost my backup codes, and want to revoke them?
If you lost the print-out of your backup codes, you can revoke them on your settings page. In the Backup codes section click Show codes, then click Get new codes. This will invalidate the previous set of backup codes and generate a new set.
I turned on 2-Step Verification and an app on my phone or computer stopped working. What now?
When you turn on 2-Step Verification, any apps that need access to your WFU Google Account will stop working until you enter an App Password in place of your normal password. Common applications and devices that require an App Password include:
- Old versions of email clients such as Outlook, Apple Mail and Thunderbird
- The email app that comes with your phone (but is not made by Google)
- Some chat, contacts and YouTube clients
Note: If you're running the latest operating system on your iPhone/iPad or Mac computer, you will no longer have to use App passwords to use 2-Step Verification. You do not need to memorize App Passwords because every App Password is only used once. You can generate a new App Password whenever you’re asked for one--even for a device or application you’ve authorized before.
Why does Google ask for verification every time I log in, even though I checked the box to ask every 30 days?
You most likely need to enable cookies in your browser, or your browser is set to automatically clear it's cache on exit.