2 factor authentication FAQs
- Where can I get a mobile authenticator app?
- Where can I get a FIDO U2F Security Key?
- Can I turn off 2 Factor Authentication once I have turned it on?
- How do I recover from losing my mobile authenticator app, backup codes, or security key?
- What 2 factor authentication method do you recommend?
- Can I use myuser.nmu.edu/recover with 2 Factor Authentication on and I don't have a way to verify the second factor?
- How can I tell which type of code is required for the 2 Factor Authentication if I have enabled the authenticator app and backup codes?
- What happens once I run out of backup codes if that is the only 2 Factor option I am using?
Where can I get a mobile authenticator app?
- Authy from https://authy.com
- Google Authenticator from https://support.google.com/accounts/answer/1066447?visit_id=1-636474765789074938-3272926476&hl=en&rd=1
All of the methods have options to remove them.
If you lose your Backup Codes or any of the other 2 factor authentication devices you should immediately go to myuser.nmu.edu/user and disable that method, or generate a new list of Backup Codes which will invalidate the old list. You can also change your password.
If you need to change the settings and the normal 2 factor authentication login process is no longer available to you the recovery process at myuser.nmu.edu/recover can be used to change your password and update your 2 factor authentication settings. It does not “use” 2 factor verification and you will not be prompted for 2 factor authentication when you go to myuser.nmu.edu/user to complete the recovery process.
With any of the 2 factor authentication (sometimes referred to as 2FA or TFA) options, you should then use it to “trust” a number of computer browsers. You “trust” a device by selecting “Remember this computer for 30 days” option when you use the authenticator app. You should never select the Remember/trust option on someone else's device that you are only using for a one-time login. If you own or have “secure” access to multiple computer devices then you should trust more than one device. If you trust more than one device trust them on different days so if you can't login into one device the other device will still work for you. If you have trusted a device/browser then you have the remainder of the 30 day period to login and alter your 2 step verification.
The recovery process started at myuser.nmu.edu/recover does not “use” 2 step verification, you will not be prompted for 2 factor authentication when you go to myuser.nmu.edu/user to complete the recovery process. The myuser.nmu.edu/recover process does allow you to select Mobile Authentication app as a method of proving your identity, but it then supplies you with a temporary password recovery code which you use at myuser.nmu.edu/user. Temporary password recovery codes which can also be supplied by the helpdesk staff will never invoke 2 factor authentication.
You can use either one. The “Use a different method” option may lists the options separately if you have enabled both, but you can actually use either source in the Enter Code field.
Again if you have trusted a device, (and you should) you have 30 days (or less) to login from that browser/device and generate a new list of backup codes. We recommend after using up 9 codes that your next action should be to generate a new list at https://myuser.nmu.edu/user.
See also: Setting Up 2 Factor Authentication