Secure Your SUNY Oswego Account with Multi-Factor Authentication (MFA)
Your Laker NetID is now protected with Multi-Factor Authentication (MFA), adding a crucial second layer of security beyond just your password. This helps safeguard your digital identity and university resources from unauthorized access. Just like online banking uses a code sent to your phone, MFA verifies it's truly you logging in.
MFA is required for all SUNY Oswego Laker NetID accounts. To ensure comprehensive protection, we utilize two distinct MFA methods:
- Google MFA (2-Step Verification): For securing your Google Workspace services (Gmail, Drive, Docs, etc.), aka LakerApps.
- Microsoft MFA: For securing various other university digital services, including, but not limited to, Brightspace, myOswego, Adobe, and Office 365.
Each method requires its own one-time setup. Please use the dedicated sections below for detailed configuration instructions.
Google MFA Enrollment
Recommended Setup: Google Prompts or the Microsoft Authenticator app (push notifications or verification codes) with backup phone number(s).
How to Enroll:
- Follow the instructions for how to Turn on 2-step verification using a computer and a phone. Google has a Guidebook for how to Set Up 2-Step Verification, as well.
- Sign into the Gmail app (available in the Apple or Google Play stores) and select your profile icon, then Security to locate the 2-Step Verification section, or navigate to the Account Tools page on a browser and select Change your Google MFA options.
- If you have a personal Gmail account already signed in, click your profile icon in the upper right and choose “Add another account” and then “Google” to sign in with your SUNY Oswego credentials.
- Choose your methods:
  - Google Prompts: Follow the on-screen instructions to confirm your smartphone. This sends a "Yes/No" notification for quick approval.
  - Phone number: Receive a call or text message with a one-time code.
    - Optional: Add a backup phone number, such as an office phone number, for recovery.
  - Authenticator App*: Download the Microsoft Authenticator app (available in the Apple or Google Play stores). Scan the QR code displayed on your computer using the app to generate push notifications or time-based one-time passwords (TOTP).
  - Backup Codes: Generate 10 backup codes (8 digits each) and save them securely for account recovery.
- Turn on 2-step verification: Click “Turn on 2-step verification” at the top of the screen before exiting the 2-step verification page.
Note: 3rd-party email services such as Apple Mail, Thunderbird, Outlook, Yahoo, etc., do not allow Google MFA account management. You will need to sign in using the Gmail app or use a computer browser at oswego.edu/mail for managing your 2-step verification options.
Note: Passkeys are currently unavailable. The security key option is available but not managed by SUNY Oswego. Please contact CTS if you are having trouble setting up your MFA methods.
*Note: Enrolling only on a smartphone or tablet may create a feedback loop for password or MFA verification. We recommend adding at least one phone number instead if you do not have a computer.
Microsoft MFA Enrollment
Recommended Setup: the Microsoft Authenticator app (push notifications or verification codes) with backup phone number(s).
How to enroll on a computer with a smartphone:
- Initiate MFA Setup: Navigate to the Account Tools page on a browser and select Change your other MFA options. Log in using your SUNY Oswego credentials. You'll be prompted with "More information is required." Click "Next."
- Choose your methods: You will be prompted to set up the Microsoft Authenticator app on your mobile device. Alternatively, you may select “I want to set up a different method” to choose other methods.
  - Microsoft Authenticator App*: push notifications or time-based one-time password (TOTP) in the app.
    - Download and Install: Get the Microsoft Authenticator app (available in the Apple or Google Play stores).
    - Connect Account: If prompted in the app, allow notifications and do not sign in. Click “Skip” when prompted to sign in. Tap "+" in the upper right, select "Work or school account," then "Scan a QR code" to scan the code shown on your computer screen.
      - If you cannot scan the QR code, choose the “Can’t scan image?” option on the enrollment screen to manually add the account. On the app, select “Scan a QR Code”, then “Enter Code Manually”.
    - Test and Confirm: Approve the push notification on your phone or enter the 6-digit code from the app to complete setup.
  - Phone Number(s): Add phone number(s) for call or text options.
  - Browser Authentication: Although Google and Microsoft do not currently have a browser extension, you may find one available for Chrome, Firefox, or Edge to work on your computer.
- Add Additional Verification (Recommended): Set up a backup phone number for SMS codes/call or a different authenticator, such as a browser extension authenticator, for recovery.
- Select your Default Method: Once you have more than one verification method, you may select which method you would like offered first upon signing in to SUNY Oswego services.
*Note: Enrolling only on a smartphone or tablet may create a feedback loop for password or MFA verification. We recommend adding at least one phone number instead if you do not have a computer.
Common Questions
What are the preferred options for MFA?
We recommend setting up at least two options that are not both tied to your smartphone. The Microsoft Authenticator app offers excellent security and ease of use. As a backup, consider using your phone number(s).
I get an error saying, “My sign-in settings don’t meet my organization’s 2-Step Verification policy”. What do I do?
2-step verification will need to be turned on for email and other LakerApps services within a month of signing in for the first time. Trying to sign in after one month without 2-step verification turned on will produce this error message.
If you are using an email service other than the Gmail app on a mobile device and cannot use oswego.edu/mail on a computer to sign in, you will need to download and use the Gmail app to complete the MFA process. Follow the instructions for turning on 2-step verification for Android or iPhone & iPad. Contact CTS if you are still having trouble signing in.
Can I access my Google account from a computer lab or a common area computer on campus?
Yes, you can sign into Google Chrome, Gmail and other LakerApps services from shared computers on campus, but they will require entering your MFA credentials. The computers are reset at regular intervals and will not remember your previous login.
What should I use for MFA while traveling?
While traveling, we recommend using the Microsoft Authenticator app. It's the most reliable and secure option, especially when you may not have access to your regular phone number or stable cell service for text messages or calls. The app can generate verification codes even without an internet connection, making it ideal for travel. It is best to download and set up the app before you travel.
I live in an area with a poor cellular signal. What can I do?
The Microsoft Authenticator app does not require an internet or cellular connection to generate codes, making it ideal. You can also set your home phone number as an alternative for calls.
Why am I unable to add my phone number?
- Phone number may already be in use with another Google account. If you have other Google accounts, check if the number is already registered for 2-step verification on one of them. If so, you might need to use a different number for the new account, or consider using alternative verification methods like Google Prompts, an Authenticator app or backup codes.
- Virtual or VoIP Numbers: To prevent spam, Google's system may flag virtual phone numbers or those from certain free text apps. This is because these numbers can be less secure. Use a phone number from a reputable carrier for 2-step verification.
- "Something Went Wrong. Try Again" Error: This is a generic message that may relate to issues with the phone number or temporary system glitches. Solution:
  - Wait and retry: Sometimes, it's a temporary issue. Wait a few hours or even a day and try again.
  - Try a different browser or device: Clear your browser's cache and cookies, or try adding the number from a different browser or device.
  - Check internet connection: Ensure you have a stable internet connection.
Not receiving verification codes (SMS/Voice Call)?
- Verify your phone plan and signal: Make sure you have a good mobile network connection. There might be temporary network issues with your mobile carrier’s network. Moving to a different location may improve delivery.
- Blocked/Spam Numbers: Verify the numbers sending the verification codes are not being blocked or treated as spam.
- Restart your phone: This refreshes the connection to your provider's cellular network.
- Use Backup Methods: Select “Sign in Another Way” or “Try Another Way” to display all of your MFA options at sign-in.
What if I set up MFA on my authenticator app and lose access or cannot receive the codes?
- Use Backup Methods: You may use the prompt to “Sign in Another Way” or “Try Another Way” to view all of your MFA options. Make sure you have set up alternative MFA methods, such as your office phone or tablet/computer.
- Authenticator App Sign-in Issue: If you sign into authenticator apps with the SUNY Oswego email, remove the authenticator app, or get a new phone, the authentication link is no longer usable. If you have no other way of authenticating, you can contact CTS for assistance.
What if my MFA device is stolen/lost?
- Sign out of the lost or stolen device: (Google and Microsoft)
- Review Recent Sign-in Activity and connected apps/sessions: (Google and Microsoft).
- Use Backup Methods: You may use the prompt to “Sign in Another Way” or “Try Another Way” to view all of your MFA options. Make sure you have set up alternative MFA methods, such as your office phone or tablet/computer.
What if I get a new MFA device (phone/phone number, tablet, or computer)?
- Add New Method: Use trusted devices to sign into your accounts and add the new MFA method for Google and Microsoft.
- Sign out of the devices you no longer use: (Google and Microsoft)
If you only have one method set up for MFA and cannot access it, please contact the CTS Help Desk for assistance.
What if I left my phone at home for the day?
If you left your phone at home and have other sign-in methods set up, please select the “I want to use a different method”, “Sign in Another Way”, or “Try Another Way” options to view other ways to sign in.
If you only have one method set up for MFA and cannot access it, please contact the CTS Help Desk for assistance.
I have already set up MFA, but I need to change my verification options. How do I do that?
For Google, navigate to the Account Tools page on a browser and select Change your Google MFA options. Alternatively, in your Gmail app, select your profile icon, then Security, and select 2-Step Verification.
For other services using Microsoft login, navigate to the Account Tools page on a browser and select Change your other MFA options.
Available To
Employees and students
Cost
Depending on your method of configuration, some cell phone texting/calling costs may apply.