Go into your Google settings and access 2-step verification. There is a place labeled “recovery” where you can put in your cell phone number. When you try to sign in on a new device, a verification message will be sent to your phone. You simple press the “yes” button and the sign-in goes through. Once you verify a new device, you don’t have to do it again.
It is up to your university on the policy they put in place. At the least restrictive, they could require MDA once per device (MFA once on your new phone and you never have to again), or, they could require it once every 30 days. At the more restrictive end, they could require MFA once or more per day.
If you use Outlook on only one device, and your properly registered it as the only device, you should be fine. Otherwise, two-step verification every time you first open Outlook on your device.
I don’t like it either, what if my cards and my phone are in my purse which gets lost or stolen? Now I can’t access anything, most importantly my on line banking to see if I’m being robbed yet. Which will be easier for them when they have the cards and the phone both, I should think.
I told the gov site I had no cell phone and they produced an individual bingo card, type thing, for me which they have in the automated system. So instead of a numerical message to your phone, it asks you what’s in box 2C, 4A, etc, etc. Just as automated as the number thing, and way easier, for me anyway.
I’ve been using it for years. Note that you only need to use it if you’re logging in on a new device for the first time. The device will usually not require it again.
Restating from my earlier post - you can turn it off.
Google Account Help - Turn off 2-Step Verification
StG
I suppose one of the largest lessons from the way 2FA has been rolled out at many public websites is: Don’t leave obsolete emails and phone numbers on file as emergency contact methods with your providers. Have more than one and keep them active and up to date.
It’s kind of like leaving a front door key under a rock in your garden. It’s a great precaution as long as you replace the key when you replace the front door lock. If not, it’s worse than useless: it’s a backup you believe you have, but you’re wrong.
Google will allow you to set up more than one second factor. As I stated before, I have about 8, and they all work. You can use:
- You phone number for SMS
- An Authenticator app, such as Google Authenticator or Microsoft Authenticator. This can be on any device.
- Hardware key, such as aYubikey.
A note on the Authenticator apps: you can set up apps on multiple devices, so if you lose you phone you can still use your tablet, other phone, etc. Authy and Authanvil both have desktop apps.
The way it works in practice:
I use MFA to set up my account on a new device. For the most part, I do not use it again until setting up another device.
Usually, but as I said before, my work computer will log me out of Google every few weeks because it thinks I’m moving around due to the way work changes servers. I don’t always get a good signal in the building so I wouldn’t get the text I need. My house computer will also randomly log me out as well.
Maybe for Google, but not for my credit card which is by text only. So when I was in Greece and got declined for renting a car I was unable to log in to tell them it was me. There was no other fraud on the card, but I had to use another card to rent a car. I’ve had the same thing happen to me in Mexico, I had already paid half for my hotel, the other half is to be paid when you get there and has to be the same card. My card got declined and I was unable to log in because I don’t get texts. At least in that case they were able to let me call and get it cleared up.
Yes I’m glad I may not get fraud on my credit cards, but if I either have a hard time or am unable to clear it up then it can really screw me.
Yes. Overseas travel + credit card anti-fraud measures + two-factor authentication + vagaries of foreign calling & texting = a not-at-all seamless experience.
More like frustrating^4.
I’ve noticed that Google sends a reminder out every few months to check on your 2FA info, and update it if needed.
I’m confused about what’s supposed to happen on Oct 28 because where I am (Ontario, Canada) Google’s (or specifically, Gmail’s) security strengthening happened many months ago.
Specifically, those using email clients like MS Outlook to access Gmail via POP3 and SMTP were no longer able to use simple password sign-in, but required support for OAuth 2.0 or sign-in via Google. However, there was a workaround if you lacked such support. You could enable two-factor authentication and then request an “app password” which was device-specific.
I was worried about how well this would work since I (and others I know) have Outlook constantly and automatically checking mail. But it’s well implemented – the two-factor authentication is necessary only for the first time on any new device, and thereafter the app password works just fine.
So I’m guessing that Google is now saying that any access to your Google account is supposed to require 2FA, but again, I imagine that will happen only for the first login and not thereafter on the same device.
I still don’t understand why Google is so intensely paranoid about other people’s accounts. Sure, it’s nice for them to offer extra security, but not clear what their interest is in demanding it.
Go into the settings and write down the list of the one-time codes. You can use them if you can’t get texts.
Am I supposed to keep that paper with me at all times? What if I’m traveling and lose my passport. I keep photos of it on Google docs so if need be I can show the embassy who I am easier. So now I have to make sure I have that piece of paper with me in order to log in. And again, my credit card requires me every so often to get a text and no extra code.
Hell, I just got a ticket on ticketmaster and they required me to get a code. There was no option for even an email.
You can call the phone number on the back of the card and talk to an agent. It’s a pain, but it is pretty accessible.
I haven’t done this in years, but I used to call the credit card company before I travelled out of the country as a way of pre-authorizing. I assume nowadays the fraud detection already knows I am travelling based on the airline, hotel, rental reservations, but this obviously wasn’t the case for your hotel in Mexico.
Keep it in a text file on your cell phone.
My wife went to a conference in Vegas pre-Covid. Work paid for her travel and hotel, so when she tried to buy something her card got declined and blocked. I got a text, but by the time I noticed and approved, it was too late.
Just got back from a weekend trip home (see mom, go to a class reunion). Left my phone in a restaurant, and until I figured that out and went back to get it, I was going to be unable to fly back home, since my boarding pass was on my phone (take that, Dr Rick from Progressive!).
This. And I received notification about an hour ago on my android phone that my access has been changed.