2 factor authentication FAQs

• Where can I get a mobile authenticator app?
• Where can I get a FIDO U2F Security Key?
• Can I turn off 2 Factor Authentication once I have turned it on?
• How do I recover from losing my mobile authenticator app, backup codes, or security key?
• What 2 factor authentication method do you recommend?
• Can I use myuser.nmu.edu/recover with 2 Factor Authentication on and I don't have a way to verify the second factor?
• How can I tell which type of code is required for the 2 Factor Authentication if I have enabled the authenticator app and backup codes?
• What happens once I run out of backup codes if that is the only 2 Factor option I am using?
• What happens if my Google Authenticator stops working?

Where can I get a mobile authenticator app?

• Google Authenticator App
  • Available in the iOS App Store and the Android PlaY Store.
• Passwords App built into most aPPLE devices (iOS/iPadOS 18+).
  • Exclusive to iOS, iPadOS, and MacOS. 
  • Pre-installed on your phone, and is typically stored in iCloud so it can be accessed easily if you get a new phone and set it up with the same Apple/iCloud account.
• Microsoft Authenticator App
  • Available from the iOS App Store and the Android Play Store.

Where can I get a FIDO U2F Security Key (Physical Security Key)

Check out these links, and search for "FIDO U2F Security Key":

• https://www.yubico.com
• https://www.amazon.com

Can I turn off 2 Factor Authentication once I have turned it on?

• All of the methods have options to remove them.
  • Go to MyUser, locate the security tab, 2FA Options (the first option top the page), and you can add/remove any option at any time by clicking their respective Add/Remove buttons.
  • See this page for more information for disabling 2FA: Disabling 2FA.

How do I recover from losing my mobile authenticator app (new phone), backup codes, or security key?

• If you need to change the settings and the normal 2 factor authentication login process is no longer available to you, the recovery process at myuser.nmu.edu/recover can be used to change your password and update your 2 factor authentication settings. It does not “use” 2 factor verification, and you will not be prompted for 2 factor authentication when you go to myuser.nmu.edu/user to complete the recovery process.
• Once you have changed your password, stay logged into myuser.nmu.edu and click on the Security tab. There you can update or modify your 2fa options.

• With any of the 2 factor authentication (sometimes referred to as 2FA or TFA) options, you should then use it to “trust” a number of computer browsers.
  • You “trust” a device by selecting “Remember this computer for 30 days” option when you use the authenticator app.
  • You should never select the Remember/trust option on someone else's device that you are only using for a one-time login.
  • If you own or have “secure” access to multiple computer devices then you should trust more than one device.

Can I use myuser.nmu.edu/recover with 2 Factor Authentication on, and I don't have a way to verify the second factor?

• The recovery process started at myuser.nmu.edu/recover does not “use” 2 step verification, and you will not be prompted for 2 factor authentication when you go to myuser.nmu.edu/user to complete the recovery process.
• The https://myuser.nmu.edu/recover process does allow you to select Mobile Authentication app as a method of proving your identity, but it does supply you with a temporary password recovery code which you use at https://myuser.nmu.edu/user.
  • Follow this link for our documentation on password resets: Password Recovery Instructions.
• Temporary passwords codes can also be supplied by the helpdesk staff (upon photo ID verification) & will also not require 2FA to get you into your Account Management settings to disable/re-enable 2FA.

How can I tell which type of code is required for the 2 Factor Authentication if I have enabled the authenticator app and backup codes?

• You can use either one when prompted for a code.
• The “Use a different method” option may list the options separately if you have enabled both, but you can actually use either source in the Enter Code field.

What happens once I run out of backup codes if that is the only 2 Factor option I am using?

• It is highly recommended that you do not rely on backup codes as your main source of 2FA.
  • They are meant to be a backup for when the other options are unavailable.
• If you have trusted a browser (a browser where you have signed into recently) you have 30 days (or less) to login from that browser/device and generate a new list of backup codes before it prompts you to use a code again after you have run out.
• We recommend after using up 9 codes that your next action should be to generate a new list at https://myuser.nmu.edu/user from the Security tab, and two factor options.
• Otherwise, you will need to use the recover option to change your password and access your account settings.
  • Link: Password Recovery Instructions

What happens if Google Authenticator stops working?

• It quite possibly is out of sync with the correct time. The following website has instructions for Android and iPhone: my two factor codes aren't working.

See also: Setting Up 2 Factor Authentication