Multi-Factor Authentication

What is Multi-Factor Authentication (MFA)?

Simply typing a username and password to get into an account isn't very secure. To keep unauthorized people out of your accounts, you may be asked for another piece of verification after you type your username and password to prove that you are you.

How do I set it up?

1Hope Accounts

If you are an active Faculty, Staff, or Student, you will be prompted to set up MFA every time you log in until you have it set up. You will be locked out of your account if you fail to do so.

Your 1Hope Account uses Google's 2-Step Authentication. You can choose one or more options for "second steps":

GOOGLE PROMPT (RECOMMENDED)

This will send a simple pop-up notification on your phone every time someone tries to log into your account, allowing you to see where the person is located and "approve" or "deny" the request.

On iPhone, you’ll need to download and install the Gmail app and log in with your 1Hope Account.
On Android, it will work without any additional app as long as you’re logged into your 1Hope Account in Android settings.

1. To get started, go to your 1Hope Account’s 2-Factor Settings.
2. If you see Use your phone as your second step to sign in on the page and a listing of your device(s) under These devices can get prompts, click Continue.
   If you don’t, click Show More Options, then click Google Prompt.
3. Click Continue.
4. It will ask if you would like to set up a phone number as a backup option. You are free to choose this, or click Use another backup option to generate one-time-use backup codes.
5. Click Next.
6. Click Turn on.
7. You’re done!
   

More information on Google's website 

PHYSICAL MFA SECURITY KEY

This is a hardware device that you could purchase that you plug into or pair with your computer or phone via USB, Bluetooth, or NFC. Common choices include YubiKey or Google's Titan Key.

1. To get started, go to your 1Hope Account’s 2-Factor Settings.

Set up and manage Google 2-Step Verification 

2. Click Show more options and click Security key.
3. Click Next.
4. Plug in or pair your key and tap the button or gold disc on the device.
5. Type in a Name for your security key and click Done.
6. You're done!

More information on Google's website Learn more about MFA key choices 

AUTHENTICATOR APP

This is an app that will constantly generate 6-digit codes on your device for you to enter. Popular choices include Authy, Google Authenticator, or your password manager.

1. To get started, go to your 1Hope Account’s 2-Factor Settings.
2. Follow the steps below to set up Text Message or Voice Call 2-Step Verification.
3. On the 2-Step Verification settings screen, click Set Up under Authenticator App.
4. Choose what kind of phone you have and click Next.
5. Open your app, tap add a new account, follow the app’s instructions, and scan the QR Code.
6. When the app starts showing you 6-digit codes, click Next and enter the code.
7. Click Verify.
8. You’re done!
   

More information on Google's website 

TEXT MESSAGE OR VOICE CALL

This will send you a text message or call you with a 6-digit code that you’ll have to enter.

1. To get started, go to your 1Hope Account’s 2-Factor Settings.
2. If you see Let's set up your phone on the page, enter your phone number and click Continue.
   If you don’t, click Show More Options, then click Text message or phone call.
3. Click Next.
4. You will receive a text message or phone call with the 6-digit code. Enter it and click Next.
5. Click Turn on.
6. You’re done!
   

ONE-TIME-USE BACKUP CODES (RECOMMENDED)

CIT recommends generating 10 one-time-use codes and keeping them somewhere safe, such as your wallet. As described below, these backup codes are meant as an emergency option to be able to log in if the above method not be available to you.

Create and view your backup codes 

CIT recommends choosing "Google prompts" for most users. This is automatically enabled when you sign into the Gmail app on iOS or when you sign into any Android phone. This sends a pop-up to your device(s) to confirm that you'd like to sign in. This option also works over WiFi or cellular and is great for areas where you don't have great cell phone service.

Set up and manage Google 2-Step Verification 

plus.hope.edu Accounts

Active Faculty, Staff, and Students who log into the "Secure Area" on plus.hope.edu, Blite, and other Banner services will need to enter their Hope ID as their username and their password. Afterward, you will receive an email sent to your 1Hope Account containing a verification code that you will use in order to log in.

What if I lose my phone or MFA device?

You have the option to generate "Backup Codes" after you set up MFA. If you're unable to use MFA sometime in the future, these one-time-use codes will allow you into your account. CIT recommends printing these codes out and keeping them somewhere safe, such as your wallet.

What if I'm travelling and won't have cell phone service?

All of the above options will work over WiFi (without cell phone service) except for the SMS text message or voice call option. If you have Google prompts enabled, things should work as expected while connected to a WiFi network at a hotel or coffee shop. CIT would recommend having another backup option enabled as well, such as setting up an Authenticator App or purchasing a phyiscal MFA security key. Lastly, it's always a good idea to have printed one-time-use backup codes kept in wallet or safe place in case all other options fail.

I need more help!

As always, if you need more help logging into your account or setting up MFA, contact the Help Desk at cit@hope.edu or x7670.