Posted on 19 September 2021
If you are a member of staff at the University, you will need to set up 2FA on your Google/email account by Tuesday 23 November.
While we say “two-factor authentication” (2FA), Google says “2-Step Verification” (2SV).
These terms are interchangeable and mean the same thing. You may also see some refer to it as “multi-factor authentication” (MFA).
At this time we’re only enforcing 2FA on your primary staff account, with a view to expand this to students, postgraduate researchers and other accounts (for example, non-personal accounts) in 2022.
At the moment, 2FA is available on all University Google accounts, but it is not mandatory. If your account does not have 2FA switched on, anyone could log in to your account if they had your password - even if they’ve got hold of that information maliciously (for example, via a phishing attack).
If someone is able to log in to your University Google account they can access your:
This type of attack has already happened, so this simple additional step will have a big impact on everyone’s digital safety. Also when an attacker gains access to one University email account, they tend to also use it as an opportunity to target other University accounts (for example, by sending phishing emails).
Furthermore, it is now impossible for an organisation to obtain cyber insurance without enforcing 2FA. Therefore most, if not all, universities will be implementing 2FA (or will have already done so).
There are two key dates to be aware of:
A note on Duo
A key point to be aware of is that we will not be using Duo 2FA to protect University Google accounts. This is because we don't want your access to Google to depend on any campus infrastructure. Google will keep working even if campus IT services are completely down.
We will continue to use Duo 2FA for other University services, such as the VPN, Virtual Desktop Services, SSH, Student Enquiry Screen and e:Vision.
However, the fundamental steps remain the same:
And if you have any problems accessing your account, you will contact the IT Support team.
If you have already enabled 2FA on your University Google account then there is nothing more you need to do.
If not, you can set up (“enrol”) your 2FA at any time from now until it becomes enforced.
The most convenient way is to use your mobile phone or tablet for this, as it’s a device you’re most likely to have with you when you’re logging in. However, your University extension number can also be used for the automated phone call option. We will also have hardware security keys available if you need one.
If you have not set up 2FA by Tuesday 23 November you will be prompted to do so when you next log in to your Google account. You will not be able to proceed until this has been completed.
Updated October 2021
All our guidance is now available on our new Google 2FA web page:
This includes step-by step instructions for setting up 2FA on your Google account, logging in using Google 2FA and troubleshooting tips if you have any problems.
We will continue to add to this guidance as we identify any common issues.
If you have any questions or concerns, please email firstname.lastname@example.org.