Cybersecurity has become an increasingly important issue for organizations and technology users. While Ripon College has always had security practices in place to protect our network, we are adding additional layers of security in 2021.
Multi-Factor Authentication for signing into Google
Multi-Factor Authentication ("MFA", "2-Factor Authentication", "2 Step Verification") is a way of verifying that the individual signing into Ripon College system is actually who they claim to be. With MFA, if someone with bad intentions obtained your password, they would not be able to access your account because they would not have access to your second verification step.
Requirement for all users to enable 2-Step Verification for Google
In 2017, Google admitted that hackers steal almost 250,000 web logins each week. Since COVID-19, the US FBI reported a 300% increase in reported cybercrimes. This is the current situation in Cybersecurity. Though Ripon College currently implements good security systems, it is necessary that we continue to add layers of security in order to protect your information and the sensitive data we handle day to day.
How does Multi-Factor Authentication work?
With Multi-Factor Authentication turned on, you will need to take 2 steps to properly log in to your account. First, you will use your username and password as usual. Then, you will need to select Yes or No to a prompt sent to your smartphone or input a code that was sent to you through a text message or phone call.
Do I have to do the second step every time I log in?
No. When logging into your account you will have the opportunity to mark a checkbox that says “Don’t ask again on this device”. This will allow you to sign in to your Gmail account without a second step for a certain amount of time (usually 30 days).
Does checking “Don’t ask again on this device” make me less secure?
No. Checking this box simply sets a cookie for the device you are on, the account you are logged in to, and the web browser you are using when you checked the box so your preference is remembered. You will still be prompted for MFA authentication when using a different device, a different user account, or a different web browser.
Are there other options for my second step?
You will need to set “Prompt” or “Code through text/call” as your main method. Additionally, you can have one-time use backup codes, use the Google authenticator app or security key. Follow Google’s 2-factor authentication support page for additional information on each option.
What if I don’t have my smartphone and cannot approve the MFA authentication?
This is what your backup option is for. You can choose to add your office phone number for when you leave your smartphone at home. You can also set up one-time use backup codes that can be printed out and left at home in a secure location to log in if you happen to leave your smartphone at work. Ideally, you would set up a backup option for all the different places you will be using your Google account. As a last resort, anyone in OIT can retrieve a backup code for your account.
What if I don’t have a mobile phone?
You can set up Multi-Factor Authentication to call you at any phone number (e.g. Office phone number, a landline at home, etc).
How can I change my MFA settings?
Log in to your Gmail account. Select your profile picture in the top right corner and select “Manage your Google account.” Select the Security tab on the left side of the screen, then select “2-step verification.” Input your password if requested. Now you should see all the different options for 2-step verification.
How can I receive the prompt on additional smartphones/tablets?
You can choose to receive the prompt on as many devices as you would like. To add another smartphone or tablet, sign in to your Google account on the device you would like to use. For iPhone you should use the Gmail or Google app. For Android, you should sign in to your Google account in settings.
How do I add a phone number to my Google MFA?
Follow the steps from the “How can I change my MFA settings” question to get to your 2-step verification settings. Then select add phone and input the phone number you would like to add. You can add as many additional phone numbers as needed.
Is any authentication method more secure?
We recommend you use the Yes or No prompt method. Apart from being the easiest option, it is also slightly more secure than a text message or phone call. Both options are much more secure than password alone.
What if I get a prompt or code but I am not signing in?
If you get a prompt when you are not signing in, select the “No, it’s not me” option and immediately change your Google password. If you need assistance, contact the OIT department.
What if I get a new smartphone and/or change my phone number?
If changing both your smartphone and phone number, make sure you print out a few one-time use backup codes before getting rid of your old phone. This will allow you to sign in to your Google account on your new device or change your phone number in MFA settings. To access MFA settings, follow the steps under “How can I change my MFA settings?”. If getting a new smartphone but keeping the same phone number, make sure you log in to your Google account in the new device. Watch the beginning of our step-by-step set-up video for an example of how to accomplish this.
I still have questions.
Check out Google’s common issues with 2-step Verification . If you still have questions please email us at email@example.com.
Guide to Multi-Factor Authentication at Ripon College
Ripon College has, for several years, blocked traffic to and from some foreign countries.
These countries had been identified as being the source of many malicious sites that have historically probed our campus network.
OIT will open up individual sites from blocked countries upon faculty request. We appreciate being given a day's notice for such requests, which can be made by emailing ITHelp@ripon.edu.
Activating 2 Step Verification with android:
Activating 2 Step Verification with iPhone:
Activating 2 Step Verification with just the text message or call option:
Signing into Google Workspace with prompt:
Signing Google Workspace with Text Message: