Setting Up 2 factor authentication

Documentation

Your password protects your account. You can also add a second layer of protection with "2 Factor Authentication" so even if somebody manages to steal your password, it is not enough to get into your account. This additional form of authentication (sometimes referred to as 2FA or TFA) is completely independent from your username and password.

How It Works

You will log in as usual with your username and password, then enter an additional code from either an Authenticator App, a Security Key, or a set of Backup Codes to verify that it is in fact you. You can also click a checkbox at the login page to trust a device for 30 days so you can just use your username and password to log in on that device.

Recommendations

  • Enable more than one 2 factor authentication method such as using both an Authenticator app and Backup Codes!
  • Remember / Trust more than one browser/device by clicking the checkbox at the bottom left corner of the login prompt before logging in. Do this on different days for each browser/device so they both don't reach the 30 day limit on the same day.

        

This will trust that device for 30 days and you will not be required to enter the additional 2 factor code on that device during the 30 day period. It's best if you don’t trust multiple devices on the same day so they don’t all expire at the same time. The browser/device trust is managed through browser cookies, so clearing your browser's cookies removes any existing 30 day trust and the two factor authentication prompt will appear the next time you log in.

3 Options for Setting Up 2 Factor Authentication for NMU Services

There are 3 options for setting up 2 Factor Authentication for NMU services like MyNMU and MyUser: an authenticator app, a USB security key, and backup codes.

Authenticator App (Best for mobile devices - tablets or smartphones)

This option uses a mobile authenticator app on your smartphone, tablet, or computer as a second factor during login. Enabling this option will require that you enter a code generated by the authenticator app as a second factor during the login process. Google Authenticator and Microsoft Authenticator are 2 authenticator apps that will work. Google Authenticator works on Android and Apple iOS devices. Install the authenticator app BEFORE turning on this option for NMU Services.

For quick set-up instructions see: 2FA Quick Steps 

USB Security Key (Requires extra hardware)

Requires a FIDO U2F Security Key device, typically a USB device, to be attached to the computer you are logging in from. NOTE: Security keys are currently only compatible with the Chrome web browser.

For step by step instructions see: Using a Security Key for 2 factor authentication

Backup Codes (Used as a backup to the other options)

Backup codes come in sets of 10 that you generate at https://myuser.nmu.edu/user. Each of the 10 Backup Codes can only be used once. When a backup code is used it will become inactive. Typically you print them out, keep them in a secure location, and check them off as you use each one. You can generate a new set of codes at any point, automatically making the old set inactive. If you use backup codes, it is recommended that you get a new set of 10 codes before you use the last code and run out of the current set of backup codes you are using.

For step by step instructions see: Using Backup Codes for 2 factor Authentication

     Notes:

  • Once you complete these steps, you will be required to use 2 factor to log into MyNMU, MyUser, and other NMU services that require it.
  • If 2 factor authentication is preventing you from accessing NMU Services, verify the problem also occurs at https://myuser.nmu.edu/user. If it doesn't work there, then use MyUser's recovery link to reset your password and change or verify your 2 factor authentication settings.

NMU G Suite Account 2 Factor Authentication

2 factor authentication on your NMU G Suite account is a separate feature unique to Google. A good overview with links to set up 2 factor authentication for your NMU G Suite account is available at https://www.google.com/2step.

See also: 2 Factor Authentication Frequently Asked Questions

Using Backup Codes for 2 factor Authentication


Setting up Backup Codes for 2 factor authentication

      1. On a computer or other device, go to https://myuser.nmu.edu/user, click “Account Status/Change my Password” and login with your NMU ID and password.

         

          

      3. Click the Security Tab, then the “Setup Codes” button under “Backup Codes”.

         

      4. The 10 backup codes will be displayed. Record or print the 10 backup codes and keep them with you. Each backup code can be used only once. An email message summarizing the 2-factor authentication will be sent to your NMU email account.

         

Using Backup Codes for 2 factor Authentication

      1. When logging into an NMU service such as MyNMU, after entering your userID and password you will be prompted to enter a code for 2-step verification. The prompt also has a “Remember this computer for 30 days” checkbox, which you can check if this is a personal device you trust will stay secure and you don’t want to be prompted for the 2-step authentication each time you access the service.

         

      2. Enter one of your 10 backup codes and click “Next”.

      3. Cross out the backup code you used since it can’t be used ever again.

      4. Once you have used 8 to 9 backup codes get more backup codes at https://myuser.nmu.edu/user before using the last one.

We recommend you also set up another form of 2-factor authentication such as the Google Authenticator or Authy Authenticator App so you have more than one method of 2-factor authentication.
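
The backup code rules described above (sets of 10, each code usable once, a new set making the old set inactive) can be modelled on the server side as follows. This is an added example, not NMU's implementation; the 8-digit code format, the `BackupCodes` class and the server key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class BackupCodes:
    """Hypothetical store: one active set of single-use codes per account."""

    def __init__(self, server_key: bytes):
        self._key = server_key   # secret key so stored digests can't be brute-forced offline
        self._active = {}        # username -> set of digests of unused codes

    def _digest(self, code: str) -> bytes:
        return hmac.new(self._key, code.strip().encode(), hashlib.sha256).digest()

    def generate(self, user: str, count: int = 10) -> list:
        """Issue a fresh set; assigning it replaces (inactivates) any old set."""
        codes = set()
        while len(codes) < count:                        # loop guards against duplicates
            codes.add(f"{secrets.randbelow(10**8):08d}")  # assumed 8-digit format
        self._active[user] = {self._digest(c) for c in codes}
        return sorted(codes)     # shown to the user once; only digests are kept

    def redeem(self, user: str, submitted: str) -> bool:
        """Accept a code at most once; compare every digest in constant time."""
        candidate = self._digest(submitted)
        match = None
        for stored in self._active.get(user, set()):
            if hmac.compare_digest(stored, candidate):
                match = stored
        if match is None:
            return False
        self._active[user].discard(match)   # a used code becomes inactive
        return True

    def remaining(self, user: str) -> int:
        return len(self._active.get(user, set()))


if __name__ == "__main__":
    store = BackupCodes(secrets.token_bytes(32))
    first_set = store.generate("student1")      # constructed account name
    print(store.redeem("student1", first_set[0]), store.remaining("student1"))
```
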

Using Google Authenticator for 2 factor authentication


Setting up Google Authenticator for 2 factor authentication

These instructions provide an overview of the process and the process may have changed if the authenticator app was recently updated. If you find you need more assistance than provided here please contact NMU Technology Support Services.

We recommend you set up 2-factor authentication Backup Codes first so you have more than one method of 2-factor authentication to use prior to setting up an Authenticator App.

    1. Get the “Google Authenticator” app for your iOS or Android device from the Apple App Store or Google Play.

    2. Run the “Google Authenticator” app.

        

    3. On a computer or another device, go to https://myuser.nmu.edu/user, click “Manage Your User Account” and login with your NMU ID and password.


    4. Click on the “Security” tab and then the “Display options” button under “2-Step Verification”.


    5. Click the “Setup App” button under “Authenticator App”. A QR Code will be displayed. If the “Setup App” button isn't available but a "Remove" button is then an authenticator app has already been configured for your account. If you want to delete the current one and set up the Google Authenticator click the "Remove" button and the “Setup App” button will become available.

        

    6. On your iOS or Android device click the "+" (plus sign) in the upper right of the screen and then the "Scan barcode" option at the bottom.

       

    7. Google Authenticator may prompt for you to allow access to the Camera. Click “OK”.

    8. Scan the QR Code displayed on the computer or other device.


    9. Google Authenticator will display NMU, your NMU email address as your account name and your current 6 digit token number. The 6 digit token number renews every 30 seconds.

        

    12. Enter the current 6 digit token number into https://myuser.nmu.edu/user on your computer or another device and click the “Verify” button.

         

    13. The screen will indicate if the app was successfully added and then revert to the previous screen showing the time and date the app was authorized. An email message summarizing the 2-factor authentication will be sent to your NMU email account.

    14. Log out of https://myuser.nmu.edu/user.
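
How the 6 digit token in the steps above is produced and checked: Google Authenticator implements TOTP (RFC 6238) with HMAC-SHA1, a 30 second step and 6 digits, keyed by the base32 secret carried in the QR code. The sketch below is an added example, not NMU's server code; the drift window and replay check in `verify` are assumptions about a typical verifier, and the secret is the published RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct


def decode_qr_secret(b32: str) -> bytes:
    """The QR code carries the shared secret as base32; restore padding and decode."""
    b32 = b32.replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """The token changes every `step` seconds because the counter is time // step."""
    return hotp(secret, unix_time // step)


def verify(secret, submitted, unix_time, last_used=-1, window=1, step=30):
    """Return the matching time-step counter, or None.

    Assumed policy: accept +/- `window` steps of clock drift, and refuse any
    step at or before `last_used` so a captured token cannot be replayed.
    """
    current = unix_time // step
    matched = None
    for counter in range(current - window, current + window + 1):
        if counter <= last_used:
            continue
        if hmac.compare_digest(hotp(secret, counter).encode(), submitted.encode()):
            matched = counter
    return matched


# RFC 6238 test key ("12345678901234567890"), base32-encoded as a QR code would carry it.
SECRET = decode_qr_secret("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")

if __name__ == "__main__":
    print(totp(SECRET, 59), verify(SECRET, "287082", 59))
```
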

Using Google Authenticator for 2 factor authentication

    1. When logging into an NMU service such as MyNMU, after entering your userID and password you will be prompted to enter a code for 2-step verification. The prompt also has a “Remember for 30 days” checkbox, which you can check if this is a personal device you trust will stay secure and you don’t want to be prompted for the 2-step authentication each time you access the service.

    2. Open your Google Authenticator app on your iOS or Android device and enter the current token displayed and click “Next”.

       

Using a Security Key for 2 factor authentication


Setting up a Security Key for 2 factor authentication

A FIDO U2F Security Key is typically a USB or other device you can connect to your computer to be used as a second step in 2 factor authentication. Security keys are currently only compatible with the Chrome web browser.

We recommend you set up 2-factor authentication Backup Codes first so you have more than one method of 2-factor authentication to use prior to setting up a Security Key.

  1. Have a FIDO U2F Security Key available prior to starting this process.
  2. Use the Chrome web browser for setting up and using a FIDO security key. If you do not already have the Chrome web browser installed you can download it from https://chrome.com.
  3. Using the Chrome web browser, go to https://myuser.nmu.edu/user, click “Account Status/Change My Password” and login with your NMU ID and password.
  4. Click on the “Security” tab and then the “Add Security Key” button.

  5. The following instructions will be displayed to add the security key. Follow the instructions:

     

  6. Once you tap the button or gold disc on the security key you will briefly see the message: "Your security key has been registered." Then the web page will go back to the “2-Step Verification" screen and you will receive a confirmation via email. You can now remove the FIDO security key.
  7. Log out of https://myuser.nmu.edu/user.

Using a Security Key for 2 factor authentication

  1. The Chrome web browser is required for using a FIDO security key. If you want to use the Firefox web browser it will have to be configured to allow using the USB security key.
  2. When logging into an NMU service such as MyNMU, after entering your userID and password you will be prompted to insert your security key. You can also check the “Remember this computer for 30 days” check box if you want to trust this computer.
  3. Insert the FIDO security key.
  4. Press the gold disk or button on the key and the 2 factor authentication will be accepted and you will be logged in.
  5. You can remove the FIDO Key and store it in a safe place.

Disabling 2 factor authentication


NMU 2 factor authentication can be set up using Authenticator Apps, Backup Codes, or Security Keys. These instructions cover how to disable each of those options individually. You can disable one or more of them. NMU recommends you always have more than one 2 factor authentication method enabled.

  1. On a computer or other device, go to https://myuser.nmu.edu/user, click “Manage Account” and login with your NMU ID and password.

     

  2. Click on the “Security” tab and then the “Display TFA” button under “2-Step Verification”. The following page will be displayed.

     

  3. To disable the current Authenticator App click the "Remove" button in the "Authenticator App" box.
  4. To disable the current Backup Codes click the "Remove" button in the "Backup Codes" box.

     

  5. To disable a Security Key click the "Pencil" icon in the "Security Key" box, then click the "Delete Security Key" button.

     

  6. To revoke all trusted devices click the "Revoke All" button in the "Devices you trust" box.
  7. If all 2 factor authentication methods are disabled, the "2-step Verification" box at the top of the page should show it is "OFF".

     

    Note:

    • 2 factor authentication on your NMU G Suite account is a separate feature unique to Google. A good overview with links to configure 2 factor authentication for your NMU G Suite account is available at https://www.google.com/2step.