Set up 2-Step Verification
2-Step Verification: email template for administrators
Here's a sample communication you can send or post to users when you roll out 2-Step Verification to your Google Apps users. For more about 2-Step Verification, see About 2-Step Verification.
Important tips for deploying 2-Step Verification
If your Google Apps domain hasn't yet migrated over to new infrastructure:
- Your users won't be able to enroll in 2-Step Verification by going to https://www.google.com/accounts/SmsAuthConfig. Instead, instruct your users to follow these steps to get to their 2-Step enrollment page.
- The URL https://www.google.com/accounts/IssuedAuthSubTokens won't take your users to the Authorized Access to your Google Account page. Instead, instruct your users to follow these steps to generate an application-specific password for their mobile device.
See Tips for deploying to users for more information.
As part of our security policy, we're moving to a new sign in process for our Google Apps accounts, called 2-Step Verification. 2-Step Verification adds an extra layer of security by requiring you to enter a verification code (similar to a PIN) after you enter your usual username and password to sign in. You receive the verification code through your mobile phone.
Why are we doing this?
2-Step Verification helps protect your account from unauthorized access due to a compromised password. Even if your password is cracked, guessed, or otherwise stolen, an attacker can't sign in without a verification code, which only you can obtain via your own mobile phone.
Here's what you'll see when you sign in with the new 2-Step Verification process:
Next steps for you:
- Sign up for the training session (If you have set up a demo or training session for your users)
- Be sure to have a mobile phone available. The verification code is sent by text message or voice call, or can be generated by Google Authenticator, a mobile application you download to your Android, BlackBerry, or iPhone.
- Set up your account for 2-Step Verification! Follow the instructions here.
- (date): Enrollment in 2-Step Verification starts
- (date): Deployment day where IT staff can assist you with setup
- (date): Additional demonstration/support sessions available
- (date): You should be registered and using 2-Step Verification!
2-Step Verification FAQ
When do I need to enter a verification code? Do I need to enter the code every time I sign in?
You need to enter a new code every 30 days or after deleting your web browser's cookies. On the sign in page click the option to "Remember verification for your computer" on your computer, and you won't have to re-enter your code for 30 days. Do not select this option for a public computer, such as a shared computer in an Internet cafe.
The verification code is used only to sign in to your Google Apps account and not any other of our company's applications.
Will my password change?
No, your password stays the same.
What if I don't have my mobile phone when I need to sign in or I have trouble with the codes?
During the setup process, you will receive codes that you can write down and use when you don't have your phone. Otherwise, you can contact (your company's support contact), who can temporarily disable 2-Step Verification.
I just enrolled in 2-Step Verification, and now I can't access email on my phone.
After you enroll in 2-Step Verification, for any mobile devices or desktop applications that stop accessing Google (including IMAP email clients), create an application-specific password and enter it into the device/application instead of your normal password. This is a one-time process--(see Application-specific passwords).