2 Factor Authentication FAQs
- Where can I get a mobile authenticator app?
- Where can I get a FIDO U2F Security Key?
- Can I turn off 2 Factor Authentication once I have turned it on?
- How do I recover from losing my mobile authenticator app, backup codes, or security key?
- Can I use myuser.nmu.edu/recover with 2 Factor Authentication on and I don't have a way to verify the second factor? If so, what recommendations do you have for verifying 2 Factor Authentication settings once I change my password?
- How can I tell which type of code is required for the 2 Factor Authentication if I have enabled the authenticator app and backup codes?
- What happens once I run out of backup codes if that is the only 2 Factor option I am using?
Where can I get a mobile authenticator app?
- Authy from https://authy.com
- Google Authenticator from https://support.google.com/accounts/answer/1066447?visit_id=1-636474765789074938-3272926476&hl=en&rd=1
All of the methods have options to remove them. If you lose your Backup Codes or any of the other 2 factor authentication devices you should immediately go to myuser.nmu.edu/user and disable that method, or generate a new list of Backup Codes which will invalidate the old list.
With any of the 2 factor authentication options, you should then use it to “trust” a number of computer browsers. You “trust” a device by selecting “Remember this computer for 30 days” option when you use the authenticator app. You should never select the Remember/trust option on someone else's device that you are only using for a one-time login. If you own or have “secure” access to multiple computer devices then you should trust more than one device. So if you have trusted a device/browser then you have the remainder of the 30 day period to login and alter your 2 step verification.
Can I use myuser.nmu.edu/recover with 2 Factor Authentication on and I don't have a way to verify the second factor? If so, what recommendations do you have for verifying 2 Factor Authentication settings once I change my password?
The recovery process started at myuser.nmu.edu/recover does not “use” 2 step verification, you will not be prompted for 2 factor authentication when you go to myuser.nmu.edu/user to complete the recovery process. The myuser.nmu.edu/recover process does allow you to select Mobile Authentication app as a method of proving your identity, but it then supplies you with a temporary password recovery code which you use at myuser.nmu.edu/user. Temporary password recovery codes which can also be supplied by the helpdesk staff will never invoke 2 factor authentication.
You can use either one. The “Use a different method” option may lists the options separately if you have enabled both, but you can actually use either source in the Enter Code field.
Again if you have trusted a device, (and you should) you have 30 days (or less) to login from that browser/device and generate a new list of backup codes. We recommend after using up 9 codes that your next action should be to generate a new list at https://myuser.nmu.edu/user.
See also: Setting Up 2 Factor Authentication