Google Two Factor Authentication - FAQ
The single most important thing you can do to help secure the University is to protect your own accounts.
Catholic University has enforced 2-Step Verification for Cardinal Mail Google Workstation. Please enroll now to ensure continued access to your Cardinal Google account.
Please read through this FAQ to learn more about using Google 2-Step Verification.
Table of Contents
General Questions
Why should I use Google 2-Step Verification?
You should use 2-Step Verification for your Cardinal Mail Google Workspace account to protect your data, and the University's data. Enabling 2-Step Verification helps keep malicious individuals out, even if they obtain your password.
If a bad actor accesses your account, they can delete or modify your data (including your email and files on Shared drives to which you may have access), lock you out, steal your identity, send spam, collect information about your Contacts and more.
With 2-Step Verification enabled, you type your password as usual, then Google prompts you to verify your identity using an app or a verification code. This second step makes it harder for someone to break into your account because it requires you to use an app or codes to which only you should have access.
Using a second form of authentication greatly decreases an attacker’s chance of gaining access to your account.
2-Step Verification is required for Cardinal Mail Google Workspace. You will not be able to use your Cardinal Google account if you have not enabled it after you have logged in for the first time. We strongly recommend that you turn on 2-Step Verification immediately.
Is Google 2-Step Verification required to log onto campus computers?
No. Google 2-Step Verification is only for Google. That is, 2-Step Verification it is needed to access your University Gmail, Calendar, My Drive, Shared drives, and other Google services that you access with your Cardinal Credentials.
You do not have to use Google 2-Step Verification in order to log onto a campus computer.
What 2-Step Verification methods are supported for Cardinal Mail Google Workspace?
Catholic University supports use of the following Google 2-Step Verification second step methods.
Google prompts. After you enter your password, Google prompts are securely sent to every mobile device where you're signed into your Google account. Just tap the notification to review and sign in. No need to enter verification codes.
Authenticator app. Generate a verification code using an app on your smart phone. Commonly-used authenticator apps are Google Authenticator and Microsoft Authenticator.
Voice or text message. Receive a verification code using SMS text message or voice on your registered phone. (Note: this is a less secure method than using Google prompts or an authenticator app.)
Backup codes. Use a single-use code from a set that you download or print. You can generate a new set when you run out. Be sure to always store these codes securely!
Why should I use Google prompts?
The easiest verification method is Google prompts. Using this method, you just tap a prompt rather than enter a verification code. Google prompts can help protect against phone number-based hacks such as SIM card swaps. It is more secure than using voice or text messages.
Google prompts are push notifications you receive on
Android phones that are signed in to your Google Account
iPhones with the Gmail app, Google app or Smart Lock app signed in to your Google Account
Based on the device and location info in the notification, you can:
Allow the sign in if you requested it by tapping Yes
Block the sign in if you didn’t request it by tapping No
Google may occasionally also ask you to tap a pin number that matches the one displayed on your screen, for extra security.
Note: If you sign in to your Google Account on any eligible phone, Google prompts is added as a method for 2-Step Verification automatically.
Please also enable additional verification methods.
Why should I configure more than one verification method?
If you lose or forget to bring the phone you registered for 2-Step Verification, it's important that you have another method you can use to access your Cardinal Google account.
We strongly recommend enabling all four supported methods!
How do I turn on Google 2-Step Verification?
To turn on 2-Step Verification:
Browse to Google's 2-Step Verification enrollment page.
Sign in with your Cardinal Credentials if needed.
Click the GET STARTED button. (Have your phone nearby.)
Follow the step-by-step setup process.
Once you're finished, you'll be taken to the Google 2-Step Verification settings page. Review your settings and add additional verification methods. Be sure to add several alternative methods.
How do I sign in with 2-Step Verification?
After you have turned on 2-Step Verification, you sign in to your account in two steps with
Something you know (your password), and
Something you have (your phone or other verification method).
Google prompts you for the information needed for the second step. In the example screenshot, Google is asking you to open the Gmail app on your iPhone for verification via Google prompts.
If you have more than one 2-Step Verification method set up (highly recommended!), you can click "Try another way" to use a method different.
This is the computer I use regularly. How to I keep from being prompted each time?
If you are using a device that is primarily assigned to you, such as your office computer or your own mobile device, you can mark that device as trusted so that you don’t have to enter a verification code each time you sign in. To do this, follow these steps.
Sign into your Cardinal Mail Google Workspace account on a computer or device you trust.
When you enter the verification code, also select the option "Don't ask again on this computer."
What if I don't have my phone with me?
If you will be somewhere without your mobile device, you can use backup codes for 2-Step Verification.
To learn how, please read Sign in with backup codes on Google's support site.
Please note:
Once you use a backup code to sign in, that code becomes inactive.
You can generate a new set of 10 backup codes whenever you want, using the instructions above.
When you generate a new set of codes, the old set automatically becomes inactive.
What happens if I don't turn on Google 2-Step Verification by the deadline?
You will not be able to log onto your Cardinal Google account. So please don't wait for the deadline—turn it on as soon as possible.
When do I use Duo versus Google 2-Step Verification?
You use Google 2-Step Verification for access to the University's Google services (e.g., Gmail, Drive, Calendar) and services that login using Google (e.g., Zoom).
You use Duo for access to specific other University services such as VPN, Cardinal Financials or Cardinal Faculty and Staff, as required.
Both Google and Duo can generate push notifications to your mobile device.
You respond to Duo requests with the Duo app.
You respond to Google prompts by tapping a system notification (Android), or by tapping a notification in the Gmail, Google or Smart Lock app (Apple iOS).
Otherwise, the two are very similar. Google 2-Step Verification and Duo are both multi factor authentication software tools that help keep the University's data safe. 2-Step Verification and Duo work much the same way. Both support smart phone apps that can receive push notifications for easy one-tap verification. Both support verification codes using an authenticator app, SMS text messaging or voice calls.
Troubleshooting Questions
I just turned on 2-Step Verification. Why are some of my apps prompting me to log in again?
Some apps use your Google account for authentication. One example at CatholicU is Zoom. When you change your Cardinal password, or turn on Google 2-Step Verification, these apps ask you to log on again to re-verify your identity.
Why am I not seeing Google prompt notifications on my phone?
On Apple iOS, be sure that
Your phone is connected to the internet. You need Wi-Fi or cellular data turned on to receive notifications.
You turn off Focus or Do Not Disturb in Settings if it is turned on.
You have turned on push notifications for the Gmail app, Google app or Smart Lock app.
On Android, be sure that
Your phone is connected to the internet. You need Wi-Fi or cellular data turned on to receive notifications.
You turn off Do Not Disturb, if the setting is turned on.
Your phone has the latest version of Google Play services.
Check that you are signed into your Google Account: Open Settings. Tap Accounts and then Google. If you aren’t signed in, follow the on-screen steps.
Why am I not receiving the SMS text message verification codes on my phone?
There are several reasons this might happen.
You won't receive a verification code if Google prompts is your default second step. Instead, look for the system notification (Android) or open the Gmail app, Google app, or Smart Lock app signed in to your Google Account (Apple iOS) and respond to the prompt.
Google may not send you a verification code if they notice anything suspicious about how you sign in.
You may be in a location with marginal service. Delivery speed and availability varies by location and service provider.
Related: If you requested and received multiple verification codes, only the newest one will work.
My application doesn't support "Sign in with Google." How can I log on now that I have 2-Step Verification turned on?
Nearly all modern apps and programs support "Sign in with Google" in which they take you to a Google web page to sign in when you add your account. This works with 2-Step Verification. Make sure your app or program is the latest version. You should be all set.
If an app doesn’t offer “Sign in with Google,” you can either:
Switch to a more secure app or version (recommended!)
Use App Passwords
An App Password is a 16-digit passcode that gives a less secure app the ability to access your 2-Step Verification-enabled Google Account.
To learn how to generate and use App Passwords, please read Sign in with App Passwords on Google's support site.
Apple users: please note that iPhones and iPads do not require App Passwords—they can use "Sign in with Google," which is more secure.
What should I do if the device I use for 2-Step Verification is lost or stolen?
Sign into your Cardinal Google account using alternate second step methods that you configured.
Once in Google, sign out the phone you no longer use and remove App Passwords to make sure no one else can access your account with the lost device.
To log onto your Cardinal Mail Google Workspace account without your registered device (phone), you can verify it’s you with alternate methods you may have configured in the 2-Step Verification section of your Google Account:
Google prompts using a different phone or tablet signed in to your Google Account.
A second voice or text message phone number you specified.
A backup code you previously saved.
Or you can try signing in from a trusted computer or smart device for which you checked the "Don’t ask again on this computer" option.
I got a new phone. What do I need to do?
If your new phone has the same phone number as the old one, and
you signed into your Cardinal Google account on the new phone and its apps (if needed), and
you transferred your authenticator app codes to the new phone (if needed), and
you did a full reset of your old phone before you turned it in or gave it to someone else,
then the new phone should work a-okay with 2-Step Verification.
If the new phone has a different number or you didn't do a full reset of the old phone, you should treat your old phone as being lost and perform security resets (see related question).
I lost the backup codes I saved. How do I revoke them?
If you lost the 2-Step Verification backup codes that you downloaded or printed, visit the 2-Step Verification section of your Google Account and follow these steps.
Select Show codes.
Select Refresh.
This invalidates the old codes. Download or print the new codes, and store them securely.
I didn't specify additional second step methods and I'm locked out—help!
If none of your 2-Step Verification methods are working, please submit a service request and let us know a good number to reach you. We will need to ask you security questions over the phone to validate your identity in order to assist you.
I selected "Don’t ask again on this computer." Why does the browser keep prompting me for 2-Step Verification?
Usually this is because your web browser doesn’t have cookies enabled or is set to delete cookies after a certain period of time. To fix this, edit your browser’s cookie settings. You can either set your browser to allow cookies, or you can whitelist Google Account cookies by adding [*.]google.com.
Don't use private browsing because those windows can't use cookies from other sessions. To sign in to Google, open a normal window.
If you use different browsers or multiple computers, make sure you check "Don’t ask again on this computer" and adjust your cookie settings on each one. You need to do this on each computer that you use.
Important: If you are logging into your Cardinal Google account on a campus classroom or user area computer, 2-Step Verification is required because the software configuration is refreshed each time the computer restarts, so be sure to have your phone or backup codes with you.
My Google Authenticator app codes aren’t working (Android). What do I do?
This can happen when the time on your Google Authenticator app is not synced correctly. To make sure that you have the correct time:
Go to the main menu on the Google Authenticator app
Tap More Settings
Tap Time correction for codes
Tap Sync Now
On the next screen, the app will confirm that the time has been synced, and you should now be able to use your verification codes to sign in. The sync will only affect the internal time of your Google Authenticator app, and will not change your device’s Date & Time settings.