You are now in the main content area

Two-Factor Authentication

What is two-factor?

Two-factor authentication provides a second level of security for your Ryerson account. In addition to your password, a time-limited code is required to log in. That way, even if someone steals your password, they may be prevented from hijacking your account when it’s protected by two-factor.

Codes are generated by devices you have with you. The device can be a mobile phone, a universal second factor (U2F) security key or a one-time verification (OTV) code generator.

Setting up for the first time

If this is the first time you’re enabling two-factor on your Ryerson account, visit our setting up two-factor authentication page for details related to mobile device, U2F security key and OTV code generator setup.

Getting the full effect

CCS recommends using two-factor for all applications. If you've already set up two-factor for required applications only, learn how you can enable two-factor for all applications.

Using and revoking two-factor

Once your device is set up, a two-factor authentication screen will prompt you for a verification code after you sign in with your Ryerson username and password.

The code is generated by the Google Authenticator app you’ve installed on your mobile device or from your assigned one-time verification code generator.

One-time verification code screen

Note the option to select I trust this browser on this device. Don’t ask for codes for 30 days. Checking this box means you trust the browser on the device you’re using and the authenticator will only prompt you for a verification code once every 30 days.

Once your U2F key is set up, a two-factor authentication screen will prompt you to insert the key whenever you sign in with your Ryerson username and password. Note the U2F key will only work with a Chrome or Firefox browser.

Screenshot of the authentication screen for U2F-enabled accounts

To proceed, take the following steps:

  1. Insert the U2F key into a USB port on your computer.
  2. Once the key starts blinking, do one of the following, depending on the style of key you have:
    1. Touch the metal sensor plate on the surface of the key; or
    2. Touch the metal sensor prong on either side of the key; or
    3. Press the raised button on the surface or end of the key.
  3. When the screen shows you’ve logged in, you may remove the key.


If you’re ever without your key, you still have the option of entering a code by clicking the link, Log in with one-time verification code instead.

To revoke two-factor authentication use on your Android device, you’ll need to update your Ryerson account as well as your mobile device. Some of the reasons you might want to do this include:

  • you no longer trust a device
  • you clicked the trust option out of habit on a shared device and need to undo it
  • your device is no longer in your possession either because it’s lost or you’ve lent it to someone else

Update your Ryerson account

  1. Log in to the my.ryerson portal with your username and password.
  2. Look for the Self Service module and click Personal Account.
  3. Under the Security section, click Two-Factor Authentication.
  4. Under Mobile Device you can click Revoke next to the Mobile Device listing.

At the bottom of the screen, you’ll find a listing of all your trusted browsers and devices. If you need to clear your entire list, click the Revoke all trusted devices link.

Update Your Android Device

On your android device, open the Authenticator app.

Google Authenticator App icon

Tap and hold on the verification code until you see menu options appear at the top of the screen.

Google Authenticator window. Verification code shown on screen.

Tap the garbage bin icon to remove the code and your account.

Garbage bin icon highlighted on the top right of the screen

1. Next you’ll find a confirmation screen. Read the warning and if you’d like to proceed, tap the Remove Account option.

2. Close the app

Confirm account removal screen

To revoke two-factor authentication use on your iOS device, you’ll need to update your Ryerson account as well as your mobile device. Some of the reasons you might want to do this include:

  • you no longer trust a device
  • you clicked the trust option out of habit on a shared device and need to undo it
  • your device is no longer in your possession either because it’s lost or you’ve lent it to someone else

Update your Ryerson account

  1. Log in to the my.ryerson portal with your username and password.
  2. Look for the Self Service module and click Personal Account.
  3. Under the Security section, click Two-Factor Authentication.
  4. Under Mobile Device you can click Revoke next to the Mobile Device listing.

At the bottom of the screen, you’ll find a listing of all your trusted browsers and devices. If you need to clear your entire list, click the Revoke all trusted devices link.

Update Your iOS Device

On your iOS device, open the Authenticator app.

Google Authenticator App icon

Tap the pencil icon in the top-right corner to edit.

 

Pencil icon highlighted

In the Ryerson University tile, tap on the circle on the far-right of the screen to select it and then tap the Delete option that pops up at the bottom of your screen.

Authenticator delete screen

1. Next you’ll find a confirmation screen. Read the warning and if you’d like to proceed, tap the Remove Account option.

2. Close the app.

 

Account removal confirmation screen

To revoke use of an OTV generator device, you’ll need to update your Ryerson account. Some of the reasons you might want to do this include:

  • you no longer trust a device
  • you clicked the trust option out of habit on a shared device and need to undo it
  • your device is no longer in your possession either because it’s lost or you’ve lent it to someone else

Revoke an OTV generator device:

  1. Log in to the my.ryerson portal with your username and password.
  2. Under the Self Service module, click Personal Account.
  3. Find the Security section and click Two-Factor Authentication.
  4. Under One-Time Verification Code Generator you can click Revoke next to the One-Time Verification Code Generator listing.

If you need to clear your entire list of trusted browsers and devices, scroll to the bottom of the screen and click the Revoke all trusted devices link.

To revoke use of a U2F security key, you’ll need to update your Ryerson account. Some of the reasons you might want to do this include:

  • you no longer trust a device
  • you clicked the trust option out of habit on a shared device and need to undo it
  • your device is no longer in your possession either because it’s lost or you’ve lent it to someone else

Revoke a U2F security key:

  1. Log in to the my.ryerson portal with your username and password.
  2. Under the Self Service module, click Personal Account.
  3. Find the Security section and click Two-Factor Authentication.
  4. Under U2F Security Key you can click Revoke next to the U2F Security Key listing.

Frequently Asked Questions 

If you don't have a compatible mobile device, two-factor can also be set up with a U2F security key or one-time verification code generator. Both options can be purchased with approval from your manager.

On mobile devices
Open the Google Authenticator app that you installed on your mobile device to use the one-time verification code it displays.

With U2F security keys
Insert the U2F key into a USB port on your computer. Once the key starts blinking, do one of the following, depending on the style of key you have:

  • Touch the metal sensor plate on the surface of the key; or
  • Touch the metal sensor prong on either side of the key; or
  • Press the raised button on the surface or end of the key.

On one-time verification code generators
Turn on the device and use the one-time verification code it displays. The device will turn itself off once the code expires.

If you’re using a computer you control (as opposed to someone else’s computer or a shared machine), you can tell the authentication service to not ask again for 30 days. Look for and select the I trust this browser on this device check box after entering your one-time verification code.

This feature uses a cookie to remember your device. The cookie itself doesn’t contain any information about you or the device you’re using. Instead, it verifies that you’re using a device you previously registered.

Remember to only use this feature for browsers on devices that are not shared with other people such as a personal workstation, laptop or mobile device.

Adding trusted browsers

You can add your browser to the trusted list by selecting "I trust this browser on this device. Don't ask for codes again" after entering your verification code.

Removing trusted browsers from your list

To remove devices from your set of trusted devices:

  • Delete all browser cookies from your device, or
  • Log into my.ryerson.ca. Select Self Service > Personal Account > Security > Two-Factor Authentication > Revoke all Trusted Devices.

If you’re prompted to enter a verification code despite having selected “I trust this browser on this device. Don’t ask for codes again”, try the following solutions:

Make sure cookies are enabled on your browser.

The “trust this browser” option will not work if your browser doesn’t have cookies enabled, is set to delete cookies after a certain period of time or is set to delete cookies every time you quit the browser.

Designate different browsers and devices as “trusted” browsers/devices one-by-one.

If you use different browsers or devices, each one needs to be designated as a trusted browser or device the first time you sign in on it. For example, trusting Chrome on your desktop does not automatically mean Chrome is trusted on your laptop or mobile device - you must select I trust this browser on this device. Don’t ask for codes again. for Chrome on every device you sign in from.

Check if you’re browsing in incognito or privacy mode.

Incognito or private browsing windows can't access existing cookies from other browser sessions on your device, so it won’t know if you’ve previously designated the browser as trusted. If you want to use the “trust this browser” option, sign into CAS using a regular browsing window.

Ryerson’s two-factor authentication system does not use text messaging, mobile data or wifi when you access the authenticator app. You’ll just need to set up the authenticator app and you’re good to go.

At the time of two-factor authentication setup, you can opt to receive a set of one-time backup codes that you can print and keep in your wallet.

Before replacing any mobile device you’re using for two-factor, you should generate two-factor backup codes. Otherwise, you may be locked out of your account during the transition to your new device. Here’s how:

  1. Using your computer, log in to the my.ryerson portal with your username and password.
  2. Find the Self Service module under the my.ryerson tab and click Personal Account.
  3. Under the Security section, click Two-Factor Authentication.
  4. Click Generate New Backup Codes.

Next, you’ll need to revoke two-factor authentication from your old device:

  1. Using your computer, log in to the my.ryerson portal with your username and password.
  2. Find the Self Service module under the my.ryerson tab and click Personal Account.
  3. Under the Security section, click Two-Factor Authentication.
  4. Under Two-Factor authentication is set up for: click Revoke next to the Mobile Device listing.
  5. At the bottom of the page, you’ll find a listing of all your trusted browsers and devices. If your old device is listed, click the Revoke all trusted devices link.

Now you’re ready to set up your new device by installing Google Authenticator onto your new phone. Follow the steps for Android or iOS devices, including the steps for Part two: Add two-factor to your Ryerson account.

Once setup is complete, we recommend securely erasing or wiping your old device before disposing of it. For help doing this, contact your mobile device carrier or manufacturer.

Some email clients support two-factor with IMAP. Check your email software to see if OAuth 2.0 is an option in your software’s IMAP configuration. If it isn’t, then use an application-specific password, which is more secure than your regular password - we call it a Google token. For help setting this up, see our page on how to Get a Google Token.

If you don’t have a supported mobile device, check with your department for approval purchasing a universal second factor (U2F) security key or a one-time verification (OTV) code generator.

U2F security keys can be purchased for use with Google Chrome or Firefox browsers. The least expensive model is likely the HyperFIDO Mini which normally retails for about $10.

Similarly, a small one-time verification (OTV) code generator device can be used instead of your phone. They’re available from Computing and Communications Services (CCS) for $30 and can be requested using the One-Time Verification (OTV) Code Generator Request Form on the CCS website.

Important note

Alert

To reduce account hijackings, employees are now required to have two-factor authentication to log in to eHR, RAMSS, D2L Brightspace and Library eResources.

As of January 23, 2019, two-factor will also be required to access Gmail and all other G Suite apps.

Explore More