Google 2-Step Verification Frequently Asked Questions (FAQ)
2-Step Verification Basics
You should set up 2-step verification because doing so makes it very hard for anyone to take over your email account remotely. Without setting up 2-step verification, hackers could get into your account if they figured out your password. With 2-step verification enabled, they would need the password and physical control of your phone, your wallet or purse, or your actual computer.
Here’s why this matters: In most cases you would have no way of knowing whether someone somewhere else in the world had cracked your password and was rummaging through your account. This lets you know.
When you enable 2-Step Verification (also known as two-factor authentication), you add an extra layer of security to your account. You sign in with something you know (your password) and something you have (like a code sent to your phone).
To set up 2-Step Verification:
- Go to the 2-Step Verification page. You might have to sign in to your WFU Google Account.
- Click Get started. (Have a phone nearby.)
- Follow the quick step-by-step setup process.
Once you’re finished, you’ll be taken to the 2-Step Verification settings page. Review your settings and add backup phone numbers. The next time you sign in, you’ll receive a message with a verification code. You also have the option of using a Security Key for 2-Step Verification or a variety of other alternative second steps.
We recommend you choose at least one alternative option.
Signing in with 2-Step Verification is easy.
- Go to the sign-in page of your mail or any other Wake Forest application that employs Google Single Sign-On, and enter your username and password like you normally do.
- Every 30 days or every time you try logging into your WFU Google Mail or any Google Single Sign On service on a new device, you’ll be asked for a six-digit code, which you’ll get from your phone. If you want, when you enter your code, you can choose to trust your computer — this means you won’t be asked for a code again when you sign in from this computer. If you sign in from another computer, however, you’ll be asked for a code.
- After you turn on 2-Step Verification, non-browser applications and devices that use your Google Account (such as the Gmail app on your phone or Outlook), will be unable to connect to your account. However, in a few steps, you can generate a special password called application-specific password to allow this application to connect to your account — and don’t worry, you’ll only have to do this once for each device or application.
Don’t want to use your phone? No problem. You’ll need a phone to set up 2-Step Verification at first, but you can then immediately change your second step. Here are some alternatives:
A security key (also called a fob, or USB key), is a Fido U2F certified, read-only device that looks like a USB flash drive. When plugged in to your USB drive, it will generate a code for you, instead of you entering a code manually. Any device that is Fido U2F certified can be used with Google 2-Step Verification.
Yes, there are a few limitations to U2F security keys. They are:
- You must be using a device with a USB port, and the USB port must not be disabled (some kiosks and computer labs disable USB ports for security reasons).
- You must be using a supported browser.
- Google Chrome supports U2F natively.
- While Firefox does not natively support U2F, there are extensions that may add U2F functionality.
Using Google Voice is not recommended. If you use Google Voice to receive verification codes, you can easily create a situation where you’ve locked yourself out of your account.
For example, if you are signed out of your Google Voice app, you might need a verification code to get back in. However, you won’t be able to receive this verification code because it will be sent to your Google Voice, which you can’t access.
This might be because the time on your Google Authenticator app is not synced correctly.
To make sure that you have the correct time:
- Go to the main menu on the Google Authenticator app
- Tap More Settings.
- Tap Time correction for codes
- Tap Sync now
On the next screen, the app will confirm that the time has been synced, and you should now be able to use your verification codes to sign in. The sync will only affect the internal time of your Google Authenticator app, and will not change your device’s Date & Time settings.
If none of your 2-Step options are working, you can call the Information Systems Service Desk Monday through Friday, from 8am to 5pm at 336-758-4357, or email us at firstname.lastname@example.org, or visit us at The Bridge located on the main floor of the Z. Smith Reynolds Library, and we’ll provide you with a backup code.
Please note, you will be required to answer security questions in order for us to provide you with this information.
If you lost the print-out of your backup codes, you can revoke them on your settings page. In the Backup codes section click Show codes, then click Get new codes. This will invalidate the previous set of backup codes and generate a new set.
When you turn on 2-Step Verification, any apps that need access to your WFU Google Account will stop working until you enter an App Password in place of your normal password.
Common applications and devices that require an App Password include:
- Old versions of email clients such as Outlook, Apple Mail and Thunderbird
- The email app that comes with your phone (but is not made by Google)
- Some chat, contacts and YouTube clients
Note: If you’re running the latest operating system on your iPhone/iPad or Mac computer, you will no longer have to use App passwords to use 2-Step Verification. You do not need to memorize App Passwords because every App Password is only used once. You can generate a new App Password whenever you’re asked for one–even for a device or application you’ve authorized before.