Two-Factor Authentication
Two-factor authentication provides a second level of security for your Ryerson account. In addition to your password, a time-limited code is required to log in. That way, even if someone steals your password, they may be prevented from hijacking your account when it’s protected by two-factor.
Codes are generated by devices you have with you. The device can be a mobile phone, a universal second factor (U2F) security key or a one-time verification (OTV) code generator.
Setting up for the first time
If this is the first time you’re enabling two-factor on your Ryerson account, visit our setting up two-factor authentication page for details related to mobile device, U2F security key and OTV code generator setup.
If you are not required to use two-factor and have chosen to set it up, CCS recommends ensuring your two-factor settings are applied to all applications. Learn how you can enable two-factor for all applications.
Using and revoking two-factor
If you’re using a mobile device or using a one-time verification code generator to produce codes for two-factor authentication, you’ll need the device on-hand during logins with your Ryerson username and password.
After inputting your username and password, a two-factor authentication screen will prompt you for a verification code. Please launch the Google Authenticator app on your mobile device or press the button on your OTV code generator to retrieve a code to log in.
If you’d rather not type in a code each time you log in, you can select the box indicating I trust this browser on this device. Don’t ask for codes for 30 days. This means you trust the browser on the device you’re using and you’ll only be prompted for a verification code once every 30 days.
If you’re using a universal second factor (U2F) key to generate codes for two-factor authentication, you’ll need the key on-hand during logins with your Ryerson username and password. Note U2F keys will only work with a Chrome or Firefox browser.
After inputting your username and password, a two-factor authentication screen will prompt you to insert the key. To proceed, take the following steps:
- Insert the U2F key into a USB port on your computer.
- Once the key starts blinking, do one of the following, depending on the style of key you have:
- Press the raised button on the key; or
- Touch the metal sensor plate on the surface of the key; or
- Touch the metal sensor prongs on either side of the key.
You may be prompted with a screen that your key as been accepted. Click Next
- When the screen shows you’ve logged in, you can remove the key.
If you’d rather not type in a code each time you log in, you can select the box indicating I trust this browser on this device. Don’t ask for codes for 30 days. This means you trust the browser on the device you’re using and you’ll only be prompted for a verification code once every 30 days.
If you’re ever without your key, you still have the option of entering a code by clicking the link, Log in with verification code instead.
To revoke two-factor authentication use on your Android device, you’ll need to update your Ryerson account as well as your mobile device. Some of the reasons you might want to do this include:
- you no longer trust a device
- you clicked the trust option out of habit on a shared device and need to undo it
- your device is no longer in your possession either because it’s lost or you’ve lent it to someone else
Update your Ryerson account
- Log in to the my.ryerson portal with your username and password.
- Find the Self Service module and click Personal Account.
- Under the Security section, click Two-Factor Authentication.
- Under the Mobile Device heading, click the Revoke button next to the mobile device you'd like to remove.
Alternatively, you can quickly revoke all your trusted devices and browsers by clicking the Revoke all button near the top of the page.
Update Your Android Device
On your android device, open the Authenticator app.
Tap and hold on the verification code until you see menu options appear at the top of the screen.
Tap the garbage bin icon to remove the code and your account.
1. Next you’ll find a confirmation screen. Read the warning and if you’d like to proceed, tap the Remove Account option.
2. Close the app
To revoke two-factor authentication use on your iOS device, you’ll need to update your Ryerson account as well as your mobile device. Some of the reasons you might want to do this include:
- you no longer trust a device
- you clicked the trust option out of habit on a shared device and need to undo it
- your device is no longer in your possession either because it’s lost or you’ve lent it to someone else
Update your Ryerson account
- Log in to the my.ryerson portal with your username and password.
- Find the Self Service module and click Personal Account.
- Under the Security section, click Two-Factor Authentication.
- Under the Mobile Device heading, click the Revoke button next to the mobile device you'd like to remove.
Alternatively, you can quickly revoke all your trusted devices and browsers by clicking the Revoke all button near the top of the page.
Update Your iOS Device
On your iOS device, open the Authenticator app.
Tap the pencil icon in the top-right corner to edit.
In the Ryerson University tile, tap on the circle on the far-right of the screen to select it and then tap the Delete option that pops up at the bottom of your screen.
1. Next you’ll find a confirmation screen. Read the warning and if you’d like to proceed, tap the Remove Account option.
2. Close the app.
To revoke use of an OTV generator device, you’ll need to update your Ryerson account. Some of the reasons you might want to do this include:
- you no longer trust a device
- you clicked the trust option out of habit on a shared device and need to undo it
- your device is no longer in your possession either because it’s lost or you’ve lent it to someone else
Revoke an OTV generator device:
- Log in to the my.ryerson portal with your username and password.
- Find the Self Service module, click Personal Account.
- Under the Security section and click Two-Factor Authentication.
- Under the One-Time verification code generator heading, click Revoke button next to the generator listed.
Alternatively, you can quickly revoke all your trusted devices and browsers by clicking the Revoke all button near the top of the page.
To revoke use of a U2F security key, you’ll need to update your Ryerson account. Some of the reasons you might want to do this include:
- you no longer trust a device
- you clicked the trust option out of habit on a shared device and need to undo it
- your device is no longer in your possession either because it’s lost or you’ve lent it to someone else
Revoke a U2F security key:
- Log in to the my.ryerson portal with your username and password.
- Find the Self Service module, click Personal Account.
- Under the Security section and click Two-Factor Authentication.
- Under the U2F security keys heading, click the Revoke button next to the key you'd like to remove.
If you don’t have a supported mobile device, you have the option of purchasing a universal second factor (U2F) security key for use with Google Chrome or Firefox browsers. The least expensive model is likely the HyperFIDO Mini which normally retails for around $10 and can be purchased online or at the Ryerson University Campus Store.
Ryerson employees can check with their faculties or departments for approval purchasing a U2F key or one-time verification (OTV) code generator. OTV code generators are available from CCS for $30 and can be requested using the One-Time Verification (OTV) Code Generator Request Form on the CCS website.
On mobile devices
Open the Google Authenticator app that you installed on your mobile device to use the verification code it displays.
With U2F security keys
Insert the U2F key into a USB port on your computer. Once the key starts blinking, do one of the following, depending on the style of key you have:
- Touch the metal sensor plate on the surface of the key; or
- Touch the metal sensor prong on either side of the key; or
- Press the raised button on the surface or end of the key.
On one-time verification code generators
Turn on the device and use the verification code it displays. The device will turn itself off once the code expires.
Yes. Check out our listing of apps that require two-factor authentication to log in.
If you’re using a computer you control (as opposed to someone else’s computer or a shared machine), you can tell the authentication service to not ask again for 30 days. Look for and select the I trust this browser on this device check box after entering your verification code.
This feature uses a cookie to remember your device. The cookie itself doesn’t contain any information about you or the device you’re using. Instead, it verifies that you’re using a device you previously registered.
Remember to only use this feature for browsers on devices that are not shared with other people such as a personal workstation, laptop or mobile device.
Adding trusted browsers
You can add your browser to the trusted list by selecting "I trust this browser on this device. Don't ask for codes again" after entering your verification code.
Removing trusted browsers from your list
To remove devices from your set of trusted devices:
- Delete all browser cookies from your device, or
- Log into my.ryerson.ca, opens in new window. Select Self Service > Personal Account > Security > Two-Factor Authentication > Revoke all Trusted Devices.
If you’re prompted to enter a verification code despite having selected “I trust this browser on this device. Don’t ask for codes again”, try the following solutions:
Make sure cookies are enabled on your browser.
The “trust this browser” option will not work if your browser doesn’t have cookies enabled, is set to delete cookies after a certain period of time or is set to delete cookies every time you quit the browser.
Designate different browsers and devices as “trusted” browsers/devices one-by-one.
If you use different browsers or devices, each one needs to be designated as a trusted browser or device the first time you sign in on it. For example, trusting Chrome on your desktop does not automatically mean Chrome is trusted on your laptop or mobile device - you must select I trust this browser on this device. Don’t ask for codes again. for Chrome on every device you sign in from.
Check if you’re browsing in incognito or privacy mode.
Incognito or private browsing windows can't access existing cookies from other browser sessions on your device, so it won’t know if you’ve previously designated the browser as trusted. If you want to use the “trust this browser” option, sign into CAS using a regular browsing window.
If you get a new phone, the following steps are necessary because restoring a phone backup to a new phone will not restore two-factor settings in Google Authenticator.
Generate Two-factor Backup Codes
Before replacing any mobile device you’re using for two-factor, you should generate two-factor backup codes. Otherwise, you may be locked out of your account during the transition to your new device. Here’s how:
- Using your computer, log in to the my.ryerson portal with your username and password.
- Find the Self Service module under the my.ryerson tab and click Personal Account.
- Under the Security section, click Two-Factor Authentication.
- Click Generate New Backup Codes.
Use the Transfer Accounts Option
If you are replacing a mobile device that you are using for two-factor, you can transfer your two-factor settings to your new device. Make sure you have the latest version of Authenticator on your old phone by checking for updates in the Play Store on Android or the App Store on iPhone. You'll need to have the Google Authenticator installed on your new phone, too. Here are the steps to follow.
- Have both your existing and new devices on hand.
- On your existing device, open the Google Authenticator app.
- Tap the ellipsis (3 dots) icon in the header, select Transfer Accounts then Export accounts. You may be asked to verify your identity via a fingerprint, password, or another method. Follow the on-screen instructions.
- On your new phone, open the Google Authenticator app.
- Tap the ellipsis (3 dots) icon in the header, select Transfer Accounts then Import accounts. Next select Scan QR code. Follow the prompts to finish the transfer process.
- Once you have transferred your settings, we recommend erasing your two-factor settings on your old device.
Revoke Two-Factor Authentication from the Old Device
Once the settings have successfully been transferred to the new device you’ll need to revoke two-factor authentication from your old device:
On an iPhone:
- Tap the ellipsis (3 dots) icon in the header, select Edit.
- Tap the pencil icon next to username@ryerson.ca
- Tap the trash can icon.
- Follow the on screen instructions.
On an Android:
- Tap the username@ryerson.ca and verfication code.
- Tap the trash can icon.
- Follow the on screen instructions.
Note: If you were not able to use the Google Authenticator app Transfer option, you can set up your new device by installing Google Authenticator onto your new phone. Follow the steps for Android or iOS devices, including the steps for Part two: Add two-factor to your Ryerson account.
Once setup is complete, we recommend securely erasing or wiping your old device before disposing of it. For help doing this, contact your mobile device carrier or manufacturer.
Ryerson’s two-factor authentication system does not use text messaging, mobile data or wifi when you access the authenticator app. You’ll just need to set up the authenticator app and you’re good to go.
In your two-factor authentication settings, you can opt to generate one-time-use backup codes that can be kept as a recovery option if you cannot access your mobile device. We recommend printing and and keeping a copy in your wallet.
Some email clients support two-factor with IMAP. Check your email software to see if OAuth 2.0 is an option in your software’s IMAP configuration. If it isn’t, then use an application-specific password, which is more secure than your regular password - we call it a Google token. For help setting this up, see our page on how to Get a Google Token.