Setting Up 2 factor authentication

Why Do We Use 2FA?

While your password may seem to protect your account at first glance, it is becoming more and more common in our ever expanding digital world that passwords are leaked online by various means such as phishing attempts, DNS hijacking, etc; or just being brute forced (broken into using an algorithm or other means). To secure your account to protect yourself from these sorts of thing, it is best practice to enable a second layer of protection using: "2 Factor Authentication" (2FA). Enabling 2FA means that, even if somebody manages to steal or bypass your password, it is not enough to get into your account.

This additional form of authentication (sometimes referred to as 2FA or TFA) is completely independent from your username and password.

How It Works

  • You will login as usual with your username and password, then be prompted to enter an additional code from either an Authenticator App, a Security Key, or a set of Backup Codes to verify that it is actually you trying to sign in.
  • You can also click a checkbox at the login page to trust a device for 30 days so you can just use your  username and password to log in on that device.

Recommendations

  • Enable more than one 2 factor authentication method such as using both an Authenticator App AND Backup Codes! 
  • During login, when it asks for 2FA code, select the option that says "Remember this device". 
    • This will prevent you from needing to re-enter the code on your device for the next 30 days. 
    • The browser "trust" is managed through the use of browser cookies. If you clear your browser's cache/cookies then you remove any existing 30 day trust and it will cause the two factor authentication prompt to occur when you next login.
    • Make sure that when you get a new phone that you have your backup codes stored somewhere safe & accessible so that you can remove the authenticator app from that was used on the old phone and re-add it again later. 

Three Options for Setting Up 2FA

There are 3 main options for setting up 2 Factor Authentication for NMU services like MyNMU and MyUser:

  • An authenticator app such as Google Authenticator, or the Passwords App on your iPhone/iPad. 
    • Can be setup using your phone, or tablet.
    • Check the Play Store (Android) for full options other than our recommendations.
    • Check the App Store (iOS) for full options other than our recommendations.
  • A USB security key. Can be purchased
    • Can be purchased from Amazon, or any other online retailer.
    • Located in local stores (check with your local stores for availability).
  • Backup codes - single use ONLYUsed when the other methods above are unavailable

Authenticator App (Best for mobile devices - tablets or smartphones - our recommendation for most users)

  • Enabling this option will require that you enter a code generated by the authenticator app as a second factor during the login process.
  • We suggest using Google AuthenticatorMicrosoft Authenticator, or the Passwords App on your iOS device
    • Install the chosen authenticator app on your device BEFORE turning on this option.
  • The steps are very similar for any authenticator app: 
    1. Using a separate device: login to myuser.nmu.edu/user
    2. Locate the "Security" tab then "2-Step Verification" and select the "Display Options".
    3. Find the option that says Authenticator App.
    4. A QR code will show up on the screen. Do not close this.
    5. Using your mobile device: you will need to scan this from within the chosen authenticator app. Usually there will be a "+" button somewhere, or an "Add code" button. 
    6. Scan the QR code. 
    7. You may be asked to "name" it. You can name it anything you want although it may be best to name it any of the following names for clarity: NMU 2FA, MyUser 2FA code, or whatever makes sense to know it is for signing into NMU websites.
    8. Once it is saved within the app, it will start displaying a code. These codes typically update every 30 seconds. 
    9. Back on the separate device with the QR code showing, there should be an empty text box.
    10. Enter the most recently generated code from the authenticator app and press submit. 
    11. Scroll down, and locate the backup codes option. Generate the codes and print them out, write them down, and keep them securely stored in case you are ever unable to access your authenticator app. Note: those codes are all single use. You may want to follow these steps from the beginning with your new device if you cannot access the old authenticator app. When you go through them again, you may have to press "remove" under the authenticator app to "remove" the old one before setting it up again on a device you currently have access to.  

For quick set-up instructions see: 2FA Quick Steps 

USB Security Key (Requires extra hardware)

  • Requires FIDO U2F Security Key device, typically a USB device, to be attached to the computer you are logging in from.
  • NOTE: Security keys are currently only compatible with the Chrome web browser.
  • For step by step instructions see: Using a Security Key for 2 factor authentication

Backup Codes (Used as a backup to the other options)

  • Backup codes come in sets of 10 that you generate at https://myuser.nmu.edu/user by going to the Security Tab once signed in, and selection 2FA Options. Backup codes are the option on the bottom of the page (you may have to scroll down.)
  • Each of the 10 Backup Codes can only be used once
  • Typically you print them out, keep them in a secure location, and check them off as you use each one. This is NOT RECOMMENDED as your only source of 2FA codes. 
  • You can generate a new set codes at any point, automatically making the old set inactive.
  • If you run out of backup codes, you will need to reset your password. IMPORTANT: Once your password is reset, do not close the tab that opens up with the title at the top of "User Account Management".
  • From "User Account Management" Select the Security Tab. 
  • In the Security Tab, locate 2FA Options.
  • For step by step instructions see: Using Backup Codes for 2 factor Authentication

     Notes:

  • Once you complete these steps, you will be required to use 2 factor to log into MyNMU, MyUser, and other NMU services that require it.
  • If 2 factor authentication is preventing you from accessing NMU Services verify the problem also occurs at https://myuser.nmu.edu/user .
    • If it doesn't work there then follow the password reset instructions located here: 

Google Account 2 Factor Authentication

  • 2 factor authentication on your NMU G Suite account is a separate feature unique to Google.
  • A good overview with links to set up 2 factor authentication for your NMU Google account is available at https://www.google.com/2step.

See also: 2 Factor Authentication Frequently Asked Questions

Rate this Article: 
Average: 1.4 (37 votes)
Keywords: 
FAQ
authentication
2fa
security
myuser
Documentation Category: 
Virus/Security
Accounts/Network Access
User Accounts
Get Connected
Services
MyNMU
MyUser