Accessibility statement

Students - You must set up two-factor authentication on your University email account by 22 March

Posted on 24 January 2022

To improve security we are requiring all students to set up two-factor authentication on their University email/Google accounts.

You must set up two-factor authentication on your University email/Google account by Tuesday 22 March, otherwise you will be locked out of your account and will be unable to access your email.

Even if you’ve already set up Duo two-factor authentication (for e:Vision, the VPN, Virtual Desktop etc), you still need to set up Google two-factor authentication separately.

This applies to all student accounts - including all undergraduates, postgraduate taught students, postgraduate researchers, international students, students on a leave of absence and students on placement.

What is Google two-factor authentication?

Google two-factor authentication - also known as '2FA' or 2-step verification - provides an additional layer of security when you log on to your University Google/email account from any device (eg laptop, desktop, phone, tablet).

The idea is that in order to access an account you have to provide your password and also some other evidence to prove who you are.

  • First factor: something you know - proven by correctly entering your password
  • Second factor: something you have - for example, your phone (proven by responding to a notification on a smartphone or entering passcode received by text message/phone call).

This ensures that even if someone has your password, they still won't have enough information to access your account.

Even if you’ve already set up Duo two-factor authentication (for e:Vision, the VPN, Virtual Desktop etc), you still need to set up Google two-factor authentication separately.

What will happen?

  • Over the coming weeks, you will see messages from Google warning you that two-factor authentication will soon become mandatory and inviting you to set it up.

Google sometimes uses the term ‘enrol’ when referring to setting up Google two-factor authentication, but this is not related to your academic enrolment in any way.

  • Google two-factor authentication will become mandatory for all students on Tuesday 22 March. You need to make sure you have set up Google two-factor authentication before this date.

Setting up two-factor authentication on your account adds an additional layer of security to your account. So when you log in:

  1. You will log in to your account using your email address and password
  2. You will then use a device to authenticate your login (for example, by typing in a code received by text message or responding to an app notification).

And if you have any problems accessing your account, you will contact the IT Support team.

What do I need to do?

You need to set up Google two-factor authentication on your University account before Tuesday 22 March. The process will normally take less than 10 minutes. 

Even if you already have Duo two-factor authentication (for e:Vision, the VPN, Virtual Desktop etc), you still need to set up Google two-factor authentication separately.

How to set up and use Google two-factor authentication

Guidance on how to set up and use Google two-factor authentication is available on our web pages:

The easiest way is to use a smartphone or a standard mobile phone. You can choose to receive two-factor authentication passcodes by text message (or automated phone call) or a push notification from Google.

We also have alternative options available for students who can’t use a phone for Google two-factor authentication.

More information on the authentication options is available:

For step-by-step instructions, take a look at our help and troubleshooting information:

What happens if I don’t set up Google two-factor authentication?

It’s crucial that the University does everything it can to protect your accounts and data. Therefore your University email/Google account will be locked if you do not set up Google two-factor authentication by Tuesday 22 March:

  • You may be able to recover access to your account yourself using our self-service recovery tool.
  • Otherwise, you will need to contact the IT Support team to restore access to your account.
  • We will need to complete an identification verification process with you, and you may need to attend in person.
  • This will take time and may be inconvenient for you, as we must be certain that we are talking to the genuine account holder before we unlock the account.

Why is the University doing this?

Without two-factor authentication, anyone could log in to your account if they had your password - even if they’ve got hold of that information maliciously (for example, via a phishing attack). 

If someone is able to log in to your University Google account they can access your:

  • Emails
  • Google Drive files
  • Saved browser passwords
  • Calendar information
  • Contact lists (including the full University directory)
  • Google Groups
  • Services that offer the “Sign in with Google” option
  • And much more.

Also when an attacker gains access to one University email account, they tend to also use it as an opportunity to target other University accounts (for example, by sending phishing emails).

This type of attack has already happened, so this simple additional step will have a big impact on everyone’s digital safety.

Furthermore, it is now impossible for an organisation to obtain cyber insurance without enforcing two-factor authentication. Therefore most, if not all, universities will be implementing two-factor authentication (if they haven't already).

Thank you for your cooperation. If you have any questions please contact the IT Support team.