Google two-factor authentication
Related pages
Google two-factor authentication (2FA) - also known as 2-step verification - provides an additional layer of security when you log on to your University Google/email account from any device (eg laptop, desktop, phone, tablet).
- First factor: entering your password - proof that you know the right credentials
- Second factor: using a mobile app, passcode received by text message or phone call or hardware key - proof that you possess something
This ensures that even if someone has your password, they still won't have enough information to access your account.
We already use Duo two-factor authentication to protect several University services. However, we will not be using Duo 2FA to protect the University Google accounts. This is because we don't want your access to Google to depend on any campus infrastructure. Google will keep working even if campus services are completely down.
Overview
Eligibility
Two-factor authentication (2FA) is mandatory for staff and student Google accounts.
How to set up
Set up 2FA on your Google account
For guidance on setting up Google 2FA:
Further guidance is available under the Help & troubleshooting tab.
Problems signing in?
Follow this guide if you are having trouble signing in to your account:
Signing in with Google 2FA
- Log in to your University Google account using your email address and password.
- If prompted, complete your second-factor authentication step.
See the Authentication options tab for information on the methods available to use and how they work.
Authentication options
There are several authentication options available to use to protect your Google account.
When you are setting up 2FA for the first time, you will be prompted to set this up using one of three options:
- Passcodes (via text message or automated phone call)
- Google Prompts
- Security Key
You can click Show more options to select one of the other options. For more guidance on setting up Google 2FA:
Text message or phone call passcodes
How it works:
You will receive a text message or automated phone call from Google containing a numerical passcode. Enter this passcode on the device you are logging in to.
We’d recommend that you use your mobile phone number for this, as you’re more likely to have your mobile phone with you. Your phone number will be stored securely by Google and will only be used for account security.
However, staff can receive the automated phone call via their University extension number, if preferred.
Recommended for:
- People who have a basic or feature phone rather than a smartphone.
- Smartphone users that can’t (or don’t want to) use Google Prompts.
Find out more:
- Setting up text message/phone call passcodes - Step-by-step instructions (KB article)
- Logging in with text message/phone call passcodes - Step-by-step instructions (KB article)
Google Prompts
How it works:
You will receive a push notification on your phone/tablet to respond to.
The notification will display information on where your account is being used, including the device and approximate location. You can allow or block the login by tapping Yes or No.
Recommended for:
- People signed in to their University Google account on their Android device.
- People signed in to their University Google account in the Gmail app on their iOS device (iPhone, iPad or iPod touch).
Find out more:
- Setting up Google Prompts - Step-by-step instructions (KB article)
- Logging in with Google Prompts - Step-by-step instructions (KB article)
Security key
How it works:
A security key is a small device (which often looks like a USB stick). You connect this (via USB or NFC) to the device you are logging in to. They are small enough that they can be conveniently carried on a keychain.
We strongly recommend that you use the text message/phone call or Google Prompt methods, but security keys are available if you can’t use one of the other methods. Contact IT Support to request a security key. Duo hardware tokens will not work with Google 2FA.
Recommended for:
- People who do not own any kind of phone.
- People who do not want to share their phone number with Google (phone numbers are stored securely and only used for account security).
Find out more:
- Setting up a security key - Step-by-step instructions (KB article)
- Logging in with a security key - Step-by-step instructions (KB article)
Additional authentication options
When you have set up one of the three authentication options described, you will then be given an option to set up at least one additional authentication method as a backup option.
These include:
- Any of the three methods described above (text/phone call, Google Prompts, Security Key)
- Authenticator app
- Printable backup codes
While you don’t have to set up any additional authentication methods, these are useful if your primary authentication method is unavailable (for example, you’ve left your phone at home, or don’t have any signal).
Find out more:
- Additional authentication options (KB article)
Help & troubleshooting
Guidance
Setting up Google 2FA
- Setting up 2FA - Initial steps
- Setting up text message/phone call passcodes
- Setting up Google Prompts
- Setting up a security key
- Additional authentication options
- Using the Duo Mobile app
- If you don't have a smartphone
- If you don't want to use your phone number
Using Google 2FA
- Logging in with text message/phone call passcodes
- Logging in with Google Prompts
- Logging in with a security key
- Using a third-party email client
- Using Google 2FA outside the UK
- Using Google 2FA without mobile data or wifi signal
- If you don't have your Google 2FA device
- Updating your Google 2FA settings/devices
Troubleshooting Google 2FA
- If you get an error saying "Couldn't sign you in. Your sign-in settings don't meet your organisation's 2-Step Verification policy."
- If your Google 2FA device is lost or stolen
- If you are having trouble logging in to your account
- If you have changed your University password
- Logging in via Remote Desktop or the Virtual Desktop Service
- Fix common issues with 2FA - Google Account Help
Get support
Please check the help guides above if you have any questions about using 2FA with your University Google account.
If you need further help, get in touch with the IT Support team.
Our commitments
| Service status | Live and supported service. |
|---|---|
| Hours of service | 24/7 |
| Service support | For help and support with this service, contact the IT Support team. |
| Hours of support | Help from the IT Support team is available 9am to 5pm, Monday to Friday. |
| Target availability |
General IT Services targets: |
| Our performance |
Our service standards have been produced in consultation with our customers, and monitor the quality, timeliness and access to facilities and services: |
|
Complaints procedure |
If you wish to give us general feedback on this service, please see our page for ways to get in touch. If you wish to make a complaint, please see our complaints procedure. |
Your responsibilities
We expect you to:
- register for Google 2FA
- carry or have access to your registered second factor device (eg your mobile or security key) at all times when you may need to log onto a protected system
- maintain the security of the service by not allowing anyone else to authenticate using their second factor device
- contact the IT Support team promptly if you lose your second factor device.
Privacy
Please note:
- to use Google Prompt or Authenticator codes you do not need to provide a phone number
- to use the text message/phone call option you do not have to install any Google app onto your phone
- your phone number will be stored securely by Google and will only be used for account security
- when using the text message/phone call option no information is transmitted from your phone to Google.