Google two-factor authentication

Google two-factor authentication (2FA) - also known as 2-step verification - provides an additional layer of security when you log on to your University Google/email account from any device (eg laptop, desktop, phone, tablet).

  • First factor: entering your password - proof that you know the right credentials
  • Second factor: using a mobile app, a passcode received by text message or phone call, or a hardware key - proof that you possess something

This ensures that even if someone has your password, they still won't have enough information to access your account.

We already use Duo two-factor authentication to protect several University services. However, we will not be using Duo 2FA to protect the University Google accounts. This is because we don't want your access to Google to depend on any campus infrastructure. Google will keep working even if campus services are completely down.

Overview

Eligibility

All staff and students can set up two-factor authentication on their Google accounts.

From Tuesday 7 December, 2FA will become mandatory for staff Google accounts.

How to set up

Set up 2FA on your Google account

Further guidance is available under the Help & troubleshooting tab.

Signing in with Google 2FA

  1. Log in to your University Google account using your email address and password.
  2. If prompted, complete your second-factor authentication step.

See the Authentication options tab for information on the methods available to use and how they work.

Authentication options

There are several authentication options available to use to protect your Google account.

When you are setting up 2FA for the first time, you will be prompted to set this up using one of three options: text message or phone call passcodes, Google Prompts, or a security key.

You can click Show more options to select one of the other options.


Text message or phone call passcodes

How it works:

You will receive a text message or automated phone call from Google containing a numerical passcode. Enter this passcode on the device you are logging in to.

We’d recommend that you use your mobile phone number for this, as you’re more likely to have your mobile phone with you. Your phone number will be stored securely by Google and will only be used for account security.

However, staff can receive the automated phone call via their University extension number, if preferred.

Recommended for:

  • People who have a basic or feature phone rather than a smartphone.
  • Smartphone users who can’t (or don’t want to) use Google Prompts.


Google Prompts

How it works:

You will receive a push notification on your phone/tablet to respond to.

The notification will display information on where your account is being used, including the device and approximate location. You can allow or block the login by tapping Yes or No.

Recommended for:

  • People signed in to their University Google account on their Android device.
  • People signed in to their University Google account in the Gmail app on their iOS device (iPhone, iPad or iPod touch).


Security key

How it works:

A security key is a small device (which often looks like a USB stick). You connect it (via USB or NFC) to the device you are logging in to. Security keys are small enough to be carried conveniently on a keychain.

We strongly recommend that you use the text message/phone call or Google Prompt methods, but security keys are available if you can’t use one of the other methods. Contact IT Support to request a security key. Duo hardware tokens will not work with Google 2FA.

Recommended for:

  • People who do not own any kind of phone.
  • People who do not want to share their phone number with Google (phone numbers are stored securely and only used for account security).


Additional authentication options

When you have set up one of the three authentication options described, you will then be given an option to set up at least one additional authentication method as a backup option.

These include:

  • Any of the three methods described above (text/phone call, Google Prompts, Security Key)
  • Authenticator app
  • Printable backup codes

While you don’t have to set up any additional authentication methods, these are useful if your primary authentication method is unavailable (for example, you’ve left your phone at home, or don’t have any signal).

Our commitments

Service status: Live and supported service.
Hours of service: 24/7
Service support: For help and support with this service, contact the IT Support team.
Hours of support: Help from the IT Support team is available 9am to 5pm, Monday to Friday.
Target availability

General IT Services targets:

Our performance

Our service standards have been produced in consultation with our customers, and monitor the quality, timeliness and access to facilities and services:

Complaints procedure

If you wish to give us general feedback on this service, please see our page for ways to get in touch.

If you wish to make a complaint, please see our complaints procedure.

Your responsibilities

We expect all staff to:

  • register for Google 2FA
  • carry or have access to their registered second-factor device (eg their mobile or security key) at all times when they may need to log on to a protected system
  • maintain the security of the service by not allowing anyone else to authenticate using their second-factor device
  • contact the IT Support team promptly if they lose their second-factor device.

Privacy

Please note:

  • to use Google Prompt or Authenticator codes you do not need to provide a phone number
  • to use the text message/phone call option you do not have to install any Google app onto your phone
  • your phone number will be stored securely by Google and will only be used for account security
  • when using the text message/phone call option no information is transmitted from your phone to Google.