Follow the links below to learn more about two-factor authentication at the University:
Two-factor authentication (2FA) is also referred to as two-step verification (2SV) or multi-factor authentication (MFA). It offers additional protection for your accounts. The idea is that in order to access an account you have to provide your password and also some other evidence to prove who you are. This other evidence could be a code that is sent to your phone, a code that you generate using your phone or other device, or a simple prompt that you accept on your phone.
The problem with relying on just a password - even a strong password - to protect your account is that if it is ever found out by someone else, they can log in to your account and access everything you can. If you’ve used the same password for other accounts, they can potentially access those as well.
People could obtain your password in several ways. For example, it could be guessed, phished, leaked in a data breach, or captured by malicious software.
When you have two-factor authentication set up on an account you will first be required to enter your username/email address and password as normal. You will then need to complete an additional authentication step in order to access the account.
This means that even if someone has managed to get hold of your password, they still cannot log in to your account without the additional security step.
There are several different methods that can be used for two-factor authentication. The ones that are available to you will depend on which service you’re using.
Many services will allow you to register more than one method with your account. This is worth considering in case you’re ever in a situation where your primary method of two-factor authentication is not possible (e.g. if your mobile phone doesn’t have any mobile network reception).
Commonly used methods include:
An app on your smartphone will alert you that somebody is trying to log in to your account. This then enables you to allow or deny the login. Your phone will need to have internet access (mobile network or wifi) in order to receive the prompt.
An app on your smartphone generates a short code (which changes every 30 seconds). You input the latest code to log in. Your phone doesn’t need to have any sort of network connection in order to generate the codes.
A short code is sent to your registered phone number. You then input the code into the website in order to log in. Your mobile phone would need to have mobile network reception in order to receive the text message.
An automated phone call is made to your registered number to provide you with a short code. You then input the code into the website in order to log in. Your mobile phone would need to have mobile network reception in order to receive the call.
A small physical device (which often looks like a USB stick) that you must connect to your device (usually via USB, NFC or Bluetooth) in order to log in. These devices are small enough that they can be conveniently carried on a keychain.
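The code-generator app method above needs no network connection because the app and the service each derive the code from a shared secret and the current time. The following is an added example, not code from the University or any vendor: it assumes the common RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits), and the secret and function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret (the RFC 6238 test key, Base32-encoded).
# A real secret is issued by the service when you enrol, usually as a QR code.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=30, digits=6):
    """Return the code an authenticator app would show at unix_time."""
    key = base64.b32decode(secret_b32.upper())
    # The only inputs are the secret and the clock: no network is involved.
    counter = int(unix_time) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): the low nibble of the last byte picks
    # a 4-byte window, whose top bit is cleared.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, step=30, window=1):
    """Service-side check: accept codes from +/- window steps of clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t < 0:
            continue
        expected = totp(secret_b32, t, step)
        # Constant-time comparison, and no early exit on a match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    import time
    now = int(time.time())
    code = totp(SAMPLE_SECRET, now)
    print("current code:", code, "valid:", verify(SAMPLE_SECRET, code, now))
```

A larger `window` tolerates more clock drift on the phone but also lengthens the time a captured code remains usable.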
Two-factor authentication for staff
On Tuesday 7 December, two-factor authentication (2FA) will become mandatory on all staff University Google/email accounts:
Two-factor authentication is available for all Google accounts. Google refers to it as “2-step verification”. For more information, including details on how to enable it, see:
Enabling 2-step verification on your University Google account also ensures that you will not encounter login challenges when signing into your account:
Duo two-factor authentication is required to log in to several University services, including the VPN, Virtual Desktop Service and e:Vision.
We may decide to roll out two-factor authentication to other University services in the future. We will advertise this in advance of any changes being made.
It depends on the service. Many do offer two-factor authentication options, but you will need to read their documentation to find out what methods they offer and how to enable them.
The website TwoFactorAuth.org provides a searchable list of many popular websites with details of their two-factor authentication options.