How to Use Two-Factor
Once you’ve set up two-factor authentication, you’re ready to log in to your TMU accounts and provide verification codes whenever asked. Here are a few pointers on how to use two-factor at TMU:
Using two-factor with a mobile device
If you’ve chosen to generate codes with a mobile device, this means you’ll need to open the Google Authenticator app every time you’re asked for a verification code during logins to your TMU account.
Always keep Google Authenticator installed
- Since two-factor is a requirement for many apps at TMU, you will be using it on a regular basis to generate verification codes.
- Don’t delete the Google Authenticator app or your account from within it—you’ll need it for the entire duration of your time at TMU.
- When logging in to your TMU account, enter your my.torontomu username and password.
- Afterwards, a two-factor authentication screen will prompt you for a one-time verification code.
- At this point, open the Google Authenticator app on your mobile device to retrieve a code and enter it to log in.
Tip: If you’d rather not type in a code every time you log in, you can select the box, “I trust this browser on this device. Don’t ask for codes for 30 days.” This means you trust the browser on the device you’re using and you’ll only be prompted for a verification code once every 30 days.
Using two-factor with a U2F security key
If you’ve chosen to authenticate two-factor using a universal second factor (U2F) key, this means you’ll need the key on-hand every time you’re asked for a verification code during logins to your TMU account.
Note U2F keys will only work with a Chrome or Firefox browser.
- When logging in to your TMU account, enter your my.torontomu username and password.
- Afterwards, a two-factor authentication screen will prompt you to insert your U2F key.
- At this point, insert the U2F key into a USB port on your computer.
- Select on NEXT
- Once the key starts blinking, do one of the following, depending on the style of key you have:
- Press the raised button on the key; or
- Touch the metal sensor plate on the surface of the key; or
- Touch the metal sensor prongs on either side of the key.
- Once the key starts blinking, do one of the following, depending on the style of key you have:
- You may be prompted with a screen confirming your key has been accepted.
- When the screen shows you’ve logged in, you can remove the key.
Tip: If you’d rather not type in a code every time you log in, you can select the box, “I trust this browser on this device. Don’t ask for codes for 30 days.” This means you trust the browser on the device you’re using and you’ll only be prompted for a verification code once every 30 days.
If you’re ever without your key, you still have the option of entering a code by clicking the link, “Log in with verification code instead”.
Using two-factor with an OTV code generator
If you’ve chosen to generate codes with a one-time verification (OTV) code generator, this means you’ll need the device on-hand every time you’re asked for a verification code during logins to your TMU account.
- When logging in to your TMU account, enter your my.torontomu username and password.
- Afterwards, a two-factor authentication screen will prompt you for a one-time verification code.
- At this point, press the button on your OTV code generator to retrieve a code and enter it to log in.
Tip: If you’d rather not type in a code every time you log in, you can select the box, “I trust this browser on this device. Don’t ask for codes for 30 days.” This means you trust the browser on the device you’re using and you’ll only be prompted for a verification code once every 30 days.
Tips for making two-factor work for you
If you’re using a browser on a device that no one else uses, consider selecting the option “I trust this browser on this device. Don’t ask for codes for 30 days” upon your next TMU account login.
How does it work?
This feature uses a cookie to remember your device. The cookie itself doesn’t contain any information about you or the device you’re using. Instead, it verifies that you’re using a device that you previously registered.
Removing trusted browsers
To remove devices from your list of trusted devices, you can:
- Delete all cookies from the browser on your device; or
- Log in to the my.torontomu portal with your username and password
- Find the Self Service module under the my.torontomu tab and select Personal Account.
- Under the Security section, select Two-Factor Authentication.
- Find the section called The following are registered as trusted browsers/devices and select the button to Revoke all Trusted Devices.
Troubleshooting issues with trusted browsers
If you’re prompted to enter a verification code despite having opted to trust a browser on a device, try the following solutions:
Make sure cookies are enabled on your browser
Cookies must be enabled and allowed to store on your computer as the “trust this browser” option will not work if your browser doesn’t have cookies enabled; is set to delete cookies after a certain period of time; or is set to delete cookies every time you quit the browser.
“Trust” browsers and devices one-by-one
If you use different browsers or devices, each one needs to be designated as a trusted browser or device the first time you sign in with it.
For example, trusting Chrome on your desktop does not automatically mean Chrome is trusted on your laptop or mobile device—you must opt to trust Chrome on every device you sign in from.
Check if you’re browsing in incognito or privacy mode
Since incognito or private browsing windows cannot access existing cookies from other browser sessions on your device, it won’t know if you’ve previously designated the browser as a trusted browser. If you want to use the “trust this browser” option, sign in to your TMU account using a regular browsing window.
If your phone is ever upgraded, lost or stolen, you will be locked out of your TMU account. This is because your account is configured to be used only with the phone or U2F key you had at the time of two-factor setup.
What can you do?
Generate backup codes ahead of time so they can be used in the event your phone is replaced or goes missing. Here’s how:
- On your computer, log in to the my.torontomu portal with your username and password.
- Find the Self Service module under the my.torontomu tab and select Personal Account.
- Under the Security section, select Two-Factor Authentication.
- Select the Generate new backup codes button.
Write down the codes and keep them in a safe place where you can easily retrieve them when needed.
Is it too late?
If you no longer have the phone you used to set up two-factor authentication, check out your options on the Locked Out? New Phone? page.
Where you can expect to use two-factor
Two-factor authentication is widely used at TMU and the number of systems requiring it use is continually growing. Learn more about the apps that require two-factor.