Two-Factor Authentication

If you’re using a mobile device or using a one-time verification code generator to produce codes for two-factor authentication, you’ll need the device on-hand during logins with your Ryerson username and password.

After inputting your username and password, a two-factor authentication screen will prompt you for a verification code. Please launch the Google Authenticator app on your mobile device or press the button on your OTV code generator to retrieve a code to log in.

If you’d rather not type in a code each time you log in, you can select the box indicating I trust this browser on this device. Don’t ask for codes for 30 days. This means you trust the browser on the device you’re using and you’ll only be prompted for a verification code once every 30 days.

If you’re using a universal second factor (U2F) key to generate codes for two-factor authentication, you’ll need the key on-hand during logins with your Ryerson username and password. Note U2F keys will only work with a Chrome or Firefox browser.

After inputting your username and password, a two-factor authentication screen will prompt you to insert the key. To proceed, take the following steps:

1. Insert the U2F key into a USB port on your computer.
2. Once the key starts blinking, do one of the following, depending on the style of key you have:
   1. Press the raised button on the key; or
   2. Touch the metal sensor plate on the surface of the key; or
   3. Touch the metal sensor prongs on either side of the key.
3. When the screen shows you’ve logged in, you can remove the key.

If you’re ever without your key, you still have the option of entering a code by clicking the link, Log in with verification code instead.

To revoke two-factor authentication use on your Android device, you’ll need to update your Ryerson account as well as your mobile device. Some of the reasons you might want to do this include:

• you no longer trust a device
• you clicked the trust option out of habit on a shared device and need to undo it
• your device is no longer in your possession either because it’s lost or you’ve lent it to someone else

Update your Ryerson account

1. Log in to the my.ryerson portal with your username and password.
2. Find the Self Service module and click Personal Account.
3. Under the Security section, click Two-Factor Authentication.
4. Under the Mobile Device heading, click the Revoke button next to the mobile device you'd like to remove.
   

Alternatively, you can quickly revoke all your trusted devices and browsers by clicking the Revoke all button near the top of the page.

To revoke two-factor authentication use on your iOS device, you’ll need to update your Ryerson account as well as your mobile device. Some of the reasons you might want to do this include:

• you no longer trust a device
• you clicked the trust option out of habit on a shared device and need to undo it
• your device is no longer in your possession either because it’s lost or you’ve lent it to someone else

Update your Ryerson account

1. Log in to the my.ryerson portal with your username and password.
2. Find the Self Service module and click Personal Account.
3. Under the Security section, click Two-Factor Authentication.
4. Under the Mobile Device heading, click the Revoke button next to the mobile device you'd like to remove.
   

Alternatively, you can quickly revoke all your trusted devices and browsers by clicking the Revoke all button near the top of the page.

Update Your iOS Device

To revoke use of an OTV generator device, you’ll need to update your Ryerson account. Some of the reasons you might want to do this include:

• you no longer trust a device
• you clicked the trust option out of habit on a shared device and need to undo it
• your device is no longer in your possession either because it’s lost or you’ve lent it to someone else

Revoke an OTV generator device:

1. Log in to the my.ryerson portal with your username and password.
2. Find the Self Service module, click Personal Account.
3. Under the Security section and click Two-Factor Authentication.
4. Under the One-Time verification code generator heading, click Revoke button next to the generator listed.

Alternatively, you can quickly revoke all your trusted devices and browsers by clicking the Revoke all button near the top of the page.

To revoke use of a U2F security key, you’ll need to update your Ryerson account. Some of the reasons you might want to do this include:

• you no longer trust a device
• you clicked the trust option out of habit on a shared device and need to undo it
• your device is no longer in your possession either because it’s lost or you’ve lent it to someone else

Revoke a U2F security key:

1. Log in to the my.ryerson portal with your username and password.
2. Find the Self Service module, click Personal Account.
3. Under the Security section and click Two-Factor Authentication.
4. Under the U2F security keys heading, click the Revoke button next to the key you'd like to remove.

If you don’t have a supported mobile device, you have the option of purchasing a universal second factor (U2F) security key for use with Google Chrome or Firefox browsers. The least expensive model is likely the HyperFIDO Mini which normally retails for around $10 and can be purchased online or at the Ryerson University Campus Store.

Ryerson employees can check with their faculties or departments for approval purchasing a U2F key or one-time verification (OTV) code generator. OTV code generators are available from CCS for $30 and can be requested using the One-Time Verification (OTV) Code Generator Request Form on the CCS website.

On mobile devices
Open the Google Authenticator app that you installed on your mobile device to use the verification code it displays.

With U2F security keys
Insert the U2F key into a USB port on your computer. Once the key starts blinking, do one of the following, depending on the style of key you have:

• Touch the metal sensor plate on the surface of the key; or
• Touch the metal sensor prong on either side of the key; or
• Press the raised button on the surface or end of the key.

On one-time verification code generators
Turn on the device and use the verification code it displays. The device will turn itself off once the code expires.

Yes. Check out our listing of apps that require two-factor authentication to log in.

If you’re using a computer you control (as opposed to someone else’s computer or a shared machine), you can tell the authentication service to not ask again for 30 days. Look for and select the I trust this browser on this device check box after entering your verification code.

This feature uses a cookie to remember your device. The cookie itself doesn’t contain any information about you or the device you’re using. Instead, it verifies that you’re using a device you previously registered.

Remember to only use this feature for browsers on devices that are not shared with other people such as a personal workstation, laptop or mobile device.

Adding trusted browsers

You can add your browser to the trusted list by selecting "I trust this browser on this device. Don't ask for codes again" after entering your verification code.

Removing trusted browsers from your list

To remove devices from your set of trusted devices:

• Delete all browser cookies from your device, or
• Log into my.ryerson.ca. Select Self Service > Personal Account > Security > Two-Factor Authentication > Revoke all Trusted Devices.

If you’re prompted to enter a verification code despite having selected “I trust this browser on this device. Don’t ask for codes again”, try the following solutions:

Make sure cookies are enabled on your browser.

The “trust this browser” option will not work if your browser doesn’t have cookies enabled, is set to delete cookies after a certain period of time or is set to delete cookies every time you quit the browser.

Designate different browsers and devices as “trusted” browsers/devices one-by-one.

If you use different browsers or devices, each one needs to be designated as a trusted browser or device the first time you sign in on it. For example, trusting Chrome on your desktop does not automatically mean Chrome is trusted on your laptop or mobile device - you must select I trust this browser on this device. Don’t ask for codes again. for Chrome on every device you sign in from.

Check if you’re browsing in incognito or privacy mode.

Incognito or private browsing windows can't access existing cookies from other browser sessions on your device, so it won’t know if you’ve previously designated the browser as trusted. If you want to use the “trust this browser” option, sign into CAS using a regular browsing window.

Before replacing any mobile device you’re using for two-factor, you should generate two-factor backup codes. Otherwise, you may be locked out of your account during the transition to your new device. Here’s how:

1. Using your computer, log in to the my.ryerson portal with your username and password.
2. Find the Self Service module under the my.ryerson tab and click Personal Account.
3. Under the Security section, click Two-Factor Authentication.
4. Click Generate New Backup Codes.

Next, you’ll need to revoke two-factor authentication from your old device:

1. Using your computer, log in to the my.ryerson portal with your username and password.
2. Find the Self Service module under the my.ryerson tab and click Personal Account.
3. Under the Security section, click Two-Factor Authentication.
4. Under Two-Factor authentication is set up for: click Revoke next to the Mobile Device listing.
5. At the bottom of the page, you’ll find a listing of all your trusted browsers and devices. If your old device is listed, click the Revoke all trusted devices link.

Now you’re ready to set up your new device by installing Google Authenticator onto your new phone. Follow the steps for Android or iOS devices, including the steps for Part two: Add two-factor to your Ryerson account.

Once setup is complete, we recommend securely erasing or wiping your old device before disposing of it. For help doing this, contact your mobile device carrier or manufacturer.

Ryerson’s two-factor authentication system does not use text messaging, mobile data or wifi when you access the authenticator app. You’ll just need to set up the authenticator app and you’re good to go.

In your two-factor authentication settings, you can opt to generate one-time-use backup codes that can be kept as a recovery option if you cannot access your mobile device. We recommend printing and and keeping a copy in your wallet.

Some email clients support two-factor with IMAP. Check your email software to see if OAuth 2.0 is an option in your software’s IMAP configuration. If it isn’t, then use an application-specific password, which is more secure than your regular password - we call it a Google token. For help setting this up, see our page on how to Get a Google Token.