Google Support & Guidance
This activity contains support and guidance regarding your OCA email account and subsequent Google facilities, such as Google Mail, Google Drive and Google Meet.
What is Two-Factor Authentication - or "2FA" for short?
Two-Factor Authentication, or "2FA" for short, is an additional method of security and used to ensure that your account and personal information remains private, safe and secure, by aiming to ensure no unauthorised access to your account. Should you find it helpful, the following Google Support page provides more information regarding the benefits of 2FA.
Why do I need to enable 2FA?
Per February 8th 2024, Two-Factor Authentication will be enforced for all students, effective February 29th 2024, and students will therefore need to enable a minimum of two authentication methods prior to February 29th. Thereafter, and effective February 29th, students who have not enabled a minimum of two authentication methods within this timeframe will be locked out of their account and will need to contact the IT Services to regain access. Alternatively and providing a mitigating circumstance applies, students may opt out of enabling 2FA, and will again need to contact IT Services to do so, however, will face several restrictions within their OCA email account; please refer to the What if I don't or opt not to enable 2FA?' heading for more information.
New students, enrolling March 5th 2024 or thereafter, will have thirty days, as of the date they first sign into their OCA email account, to also comply with enabling a minimum of two authentication methods, and will be prompted to enable 2FA throughout this timeframe. Students who do not enable a minimum of two authentication methods within the thirty day timeframe will also be locked out of their account and will need to contact the IT Services to regain access.
How do I enable 2FA and what are the authentication methods available?
The process of enabling 2FA will differ depending on the method(s) you opt to use, with multiple 2FA methods available and students free to use any combination of the following;
- Authenticator Application
- Google Prompt
Freely available for; - SMS or Voice Verification Codes
- Back Up Codes
The above methods are listed based upon the order in which they're recommended by IT Services, starting with the most recommended option.
Authenticator Application
The Authenticator Application isn't an option that's initially available upon signing into your account for the first time and when needing to set up 2FA for the first time - or while 2FA is disabled - and students preferring to use an authenticator application, such as the Google Authenticator app via their phone or tablet, will therefore first need to enable Google Prompt or SMS or Voice Verification Codes and complete the process of enabling 2FA before enabling the authenticator app via their Google Account Security Settings.
Upon accessing your Google Account Security Settings, next select the '2-Step Verification' tab followed by the 'Authenticator App' option. Meanwhile, download the Google Authenticator app, freely available via the Apple App Store or Google Play Store, and sign into your OCA email account using the app. Next, and within your Google Account Security Settings, select the 'Set up Authenticator' option, which will either require you to either; scan the on-screen QR Code using your phone, or enter the provided setup key. Thereafter and within the app, you'll encounter a six digit time based code which you'll need to enter within your Google Account Security Settings in order to verify and complete the 2FA set up process.
If done successfully, the 'Authenticator App' will show as one of the available and configured 2FA options within the 2-Step Verification page.
Thereafter, and when signing into your OCA email account in the future, you'll be prompted to open the Google Authenticator app, whereby you'll be presented with a six digit code, similar to the one encountered during the original set up process, which you can enter when prompted and following your account password.
The following Google Support page provides additional information and guidance for iPhone and iPad (iOS) and Android respectively.
Google Prompt
Google Prompt allows users to receive a notification via a phone and/or tablet, whereby you'll then be prompted to accept or deny the sign in request using your preferred - and potentially multiple - device(s).
iPhone or iPad (iOS)
If signing into your OCA email account while needing to set up 2FA for the first time - or while 2FA is disabled - start by signing into your OCA email account using a desktop computer or laptop and continue with the sign in process until you reach the option to enable 2FA. Available for iPhone 5 and above, and using a compatible Google App, such as the Gmail, YouTube, Google Account, Google Photos or Smart Lock App, you'll next need to sign into one of the aforementioned apps using your OCA email account.
Once signed into your OCA email account in both instances, using your desktop computer or laptop, next select 'See more options', located in the bottom left of the 'Enable 2FA' page, followed by 'Google Prompt', whereby you should see your phone and/or tablet listed in the list of supported device(s). Assuming this appears as expected, next select 'Continue', whereby the device will be registered on your account thereafter.
In the event you're already signed into your OCA email account, and/or need to retrospectively enable Google Prompt, access your Google Account Security Settings while simultaneously signing into your OCA email account using any of the aforementioned compatible apps. Once signed into your account using your preferred app, the Google Prompt option should now display as enabled and the default 2FA method within your Google Account Security Settings.
Google Prompt will function simultaneously across all - and as many - iOS device(s) that you're signed into.
Thereafter and when signing into your account in the future, you'll receive a notification within your preferred app, whereby you can accept or deny the sign in request.
Please note that you cannot customise which app(s) you receive the push notification via. For more information and guidance, please visit the following Google Support page.
Android
Using any eligible Android device, Google Prompts will be automatically be enabled once signed into your OCA email account.
If signing into your OCA email account while needing to set up 2FA for the first time - or while 2FA is disabled - start by signing into your OCA email account using a desktop computer or laptop and continue with the sign in process until you reach the option to enable 2FA. Simultaneously repeat this process using your Android device.
Once signed into your OCA email account in both instances, using your desktop computer or laptop, next select 'See more options', located in the bottom left of the 'Enable 2FA' page, followed by 'Google Prompt', whereby you should see your phone and/or tablet listed in the list of supported device(s). Assuming this appears as expected, next select 'Continue', whereby the device will be registered on your account thereafter.
In the event you're already signed into your OCA email account, and/or need to retrospectively enable Google Prompt, access your Google Account Security Settings while simultaneously signing into your OCA email account using your Android device. Once signed into your account using your device, the Google Prompt option should now display as enabled and the default 2FA method within your Google Account Security Settings.
For more information and guidance, please visit the following Google Support page.
SMS or Voice Verification Code
SMS or Voice Verification Codes allow students to receive a six digit verification code, similar to the ones encountered when using the Authenticator Application, via SMS (text message) or phone call. When prompted, students will then need to enter the six digit code, whereby you'll then have access to your account; this process works similar to using the Authenticator Application, however, is more susceptible to social engineering and requires cellular service.
To set up SMS or Voice Verification Codes when signing into your OCA email account and needing to set up 2FA for the first time, upon encountering the 'Enable 2FA' page, enter your preferred mobile number, followed by 'Continue'. Shortly after and depending on your preference, you'll then receive an SMS or phone call containing a six digit verification which you'll simultaneously need to enter when prompted. Once complete, SMS or Voice Verification codes will be enabled, all you'll need to repeat the process of entering the six digit code when prompted in the future.
Back Up Codes
Back Up Codes are intended to act as an emergency verification method and aren't recommended to be used as one of your two preferred methods.
Available via your Google Account Security Settings, Back Up Codes are an eight digit code which can be entered when prompted and in the absence of any alternate 2FA method, such as when you don't have access to your mobile device and cannot use an Authenticator App or receive an SMS or Voice Verification Code, for example.
Back Up Codes are available as a group of ten varying codes and can be stored digitally or physically, but must be accessed and stored outside of your OCA email account and prior to use. When prompted, you can then use any of the available ten codes, however, and once used, that particular code cannot be reused. Once all ten available codes have been used, students will need to manually refresh their available back up codes, taking note of the new and updated codes, whilst also ensuring to safely dispose and destroy of any previous unused code(s).
To access and enable Back Up Codes, first access your Google Account Security Settings and select the '2-Step Verification' tab, followed by the 'Back Up Codes' option. On the following page, next select the 'Get Back Up Codes' option, whereby and on the following page, you'll then find the series of ten, eight digit back up codes and may make note of however many code(s) and via however any preferred method. For example, you may prefer to print and store them in a safe location or download and store them within your device. The codes may then be used as and when needed.
Following the above process and selecting the 'Refresh' option, you can generate a new series of codes, this is particularly applicable in instances whereby, for example, you've used all of the available codes or your existing codes are no longer secure. Selecting the 'Delete' option, you can also delete and disable Back Up Codes, if desired.
What if I don't have a smartphone, want to provide my telephone number and/or cannot install an authenticator app?
Students who do not possess a smartphone may wish to explore the possibility of using SMS or Voice Verification Codes, alongside Back Up Codes as their second 2FA method.
Students who don't wish to provide their telephone number should explore the possibility of using an Authenticator App, and vice versa.
In the event of mitigating circumstances - for example but not limited to, not possessing a mobile device - students should contact IT Services and discuss the possibility of additional alternative option(s), or, and again by contacting IT Services, discuss the possibility of opting out of enabling 2FA entirely, however, the latter will impose restrictions within your OCA email account, as outlined beneath the What if I don't or opt not to enable 2FA?' heading.
What if I don't or opt not to enable 2FA?
Existing students enrolled before February 8th 2024, who do not enable 2FA prior to February 29th 2024 will be locked out of their account and will need to contact IT Services to regain entry. New students, enrolled on or after March 5th 2024, who do not enable 2FA within the first thirty days of signing into their OCA email account and when prompted to do so, will be locked out of their account and will need to contact IT Services to regain entry.
Students who would prefer not to enable 2FA entirely will first need to contact and inform IT Services, whereby the following restrictions will be imposed within the OCA email account;
- Restricted access to the OCA directory, thereby preventing services such as the recipients auto-fill and suggestions feature, available within Google Mail, and access to Google Contacts, therefore prompting students to manually know and enter an intended recipient’s email address.