Google employs several techniques and security algorithms in order to keep accounts safe. One such technique is known as a “login challenge”.
If you will be logging into your account from a different computer than usual, or from a different location then you might encounter one of these login challenges.
Before logging into your account you should always check that the login page is genuine, particularly if you have followed a link to access the login page.
When logging into a Google account the web address in your browser’s address bar should begin ‘https://accounts.google.com’. The browser should also display a locked padlock icon.
If this is not the case do not proceed. Instead please contact IT Support for advice:
If Google detects something unusual or suspicious it may trigger a login challenge: an additional step that must be completed in order to login to the account.
This login challenge is designed to prevent unauthorised access to the account, even if the attacker has the correct password for the account.
To avoid being presented with a login challenge you can enable 2-Step Verification on your account:
For security, Google do not provide a full breakdown of what may trigger a login challenge. However, we have observed that the following may result in a login challenge:
However, there may be several other conditions that result in a login challenge being presented.
We are aware that the following methods have been used as a login challenge by Google:
However, this list might not be complete and Google may also be using other login challenge methods. Google choose which login challenge is presented based on several factors, but they do not make this information public.
If you are presented with a login challenge after entering your email address and password the quickest way for you to access your account is to follow the on screen steps to complete the login challenge.
There are scenarios where you may be unable to complete a login challenge in order to access your account, eg:
During working hours (9am - 5pm, Monday to Friday) you can contact IT Support:
Providing that IT Support are able to verify your identity over the phone we can arrange for the login challenge to be temporarily disabled for 10 minutes by one of our Google Admins. This will then allow you to login without being presented with a login challenge.
No, these cannot be disabled permanently. They can only be disabled temporarily for up to 10 minutes by one of our Google Admins.
Logging into your account on a device you have used previously means you are less likely to be presented with a login challenge, but this is not guaranteed.
The only way to avoid being presented with a login challenge is to enable 2-Step Verification on your account:
2-Step Verification offers additional protection for your account; even if someone has managed to get hold of your password they still cannot login without the additional security step.
2-Step Verification can be enabled without giving Google your phone number.
To achieve this, choose Security key or Google prompt as your second verification step, and Backup codes or Security key as your backup step.