Setting up two-factor authentication on your Google account

Two-factor authentication (2FA) adds a second check when you sign in to your accounts. This guide walks you through setting it up on both your Google Workspace account and simPRO, with minimal fuss.

Why we’re asking you to do this

Our accounts hold a lot: customer details, supplier correspondence, quotes, invoices, and access to our shared drives. If someone’s password gets compromised - through a data breach at another site, a phishing email, or just bad luck - 2FA means the attacker still can’t get in without also having your phone.

It takes about five minutes per account to set up, and once it’s running you’ll barely notice it’s there. We’re asking everyone to enable it because one unprotected account is a weak link for all of us.

Note

A note on account access. Woven & Woods accounts remain company property. As the account administrator, management can recover or access any account if needed - for example, if a phone is lost, if someone leaves the business, or if we need to retrieve files urgently. This applies even when 2FA is enabled. This is standard practice for business accounts and is there to protect the business, not to monitor you.

---

Before you start

You’ll need the following to hand:

• Your Woven & Woods Google account open in a browser (Chrome, Firefox, Safari - any will do)
• Your Woven & Woods issued mobile phone

Your work phone already has Google Authenticator installed. You’ll use it for both your Google account and simPRO, so you only need to get familiar with it once.

If for any reason you don’t have Google Authenticator on your phone, speak to Will before continuing.

---

Which 2FA method should I use?

There are a few ways Google can verify it’s you when you sign in. Here’s a plain summary of the options, in order of preference:

Google Authenticator (recommended). The app generates a fresh six-digit code every 30 seconds. You open the app and type in the code. It works without mobile signal or Wi-Fi, and it’s the most secure option available to you. Your work phone already has this installed.

Google prompts (acceptable). A notification pops up on your phone and you tap “Yes, it’s me.” Convenient, but slightly less secure - if you ever receive a prompt you didn’t request, it means someone else is trying to get into your account.

Text message / SMS (last resort only). Google sends a code to your mobile number by text. This works, and it’s better than no 2FA at all, but it is the weakest option. SMS codes can be intercepted or redirected if someone takes over your phone number - a real attack known as SIM swapping. Only use this if neither of the above options is available to you.

Caution

Do not use SMS as your primary 2FA method if you can avoid it. Google Authenticator is already on your work phone - use that instead.

---

Part 1 - Google Workspace

1. Go to your Google account settings

   With your Woven & Woods account signed in, click your profile photo or initial in the top-right corner of any Google page (Gmail, Drive, etc.), then click Manage your Google Account.

2. Open the Security tab

   Along the top of the account page, you’ll see a row of tabs: Home, Personal info, Data & privacy, Security, and so on. Click Security.

3. Find the “How you sign in to Google” section

   Scroll down until you see a section called How you sign in to Google. Inside it, you’ll see an option called 2-Step Verification. Click on it.

4. Click “Get started”

   Google will show you a brief explanation of what 2-Step Verification does. Click the blue Get started button.

   You may be asked to enter your password again at this point - this is normal. Go ahead and sign in.

5. Choose “Authenticator app”

   Google will present a list of options. Look for Authenticator app and select it. On the next screen, click Set up authenticator.

6. Scan the QR code with Google Authenticator

   Google will show a QR code on screen. On your work phone, open the Google Authenticator app, tap the + button, and choose Scan a QR code. Point your phone camera at the QR code on your computer screen.

   Once scanned, Authenticator will add your Woven & Woods Google account and immediately start showing a six-digit code that refreshes every 30 seconds.

7. Enter the code to confirm

   Back in your browser, Google will ask you to enter the code currently showing in the Authenticator app. Type it in and click Verify.

   If the code doesn’t work, wait for it to refresh (the circle icon in the app counts down) and try the next one. Codes expire quickly - type it in as soon as you see it.

8. Confirm and turn it on

   Once Google has verified the code, you’ll reach a confirmation screen. Click Turn on to activate 2-Step Verification.

9. Done

   You’ll be returned to the Security page, and 2-Step Verification will now show as On. From this point forward, whenever you sign in to your Woven & Woods Google account on a new device or browser, you’ll be asked for a code from the Authenticator app.

What signing in to Google will look like from now on

The change is small. On devices you already use regularly - your work laptop at the showroom, for example - Google may remember your device for a period and not ask every single time. On a new device or after clearing your browser data, you’ll be asked for the second check.

When prompted, open Google Authenticator on your phone, find the Woven & Woods Google entry, and type in the six-digit code shown. It takes about ten seconds.

If you lose access to your Google account

If your phone is lost, broken, or unavailable, contact a member of the management team - they can recover your account from the admin side.

During setup, Google will also offer you the option to save backup codes - a set of one-time emergency codes you can print or store safely. It’s worth doing this as an extra precaution.

Caution

Do not store your backup codes in your Google Drive. If someone gets into your account, you don’t want them to also find the codes that bypass 2FA.

---

Part 2 - simPRO

Note

A note on simPRO 2FA Woven & Woods has not chosen to enable 2FA on simPRO as of writing. This guide is here in case this changes in the future.

simPRO also uses Google Authenticator for its 2FA, so the same app on your work phone covers both. You don’t need to install anything extra.

Unlike Google, the simPRO setup process starts automatically the next time you log in - you won’t need to go hunting through settings pages. Just log in as normal and follow the prompts.

1. Log in to simPRO as usual

   Go to your simPRO login page and enter your username and password as normal. Once you’re in, the 2FA setup process will start automatically.

2. Click “Get Started”

   simPRO will show you a brief introduction to the 2FA setup. Click Get Started.

3. Scan the QR code

   simPRO will display a QR code on screen. Open Google Authenticator on your work phone, tap the + button, and choose Scan a QR code. Point your camera at the code on screen.

   If your phone camera isn’t working, click Manual Entry with Provided Key below the QR code and type the key into the app instead. If you do this, make sure Time-based is toggled on in the app.

4. Enter the six-digit code

   Once scanned, Google Authenticator will show a six-digit code for your simPRO account. Type it into the field on screen and click Next.

   On this screen you’ll also see an option to Trust this device. Ticking this means simPRO will only ask for a 2FA code every 30 days on this device, rather than every single time you log in. If you use simPRO regularly on the same computer, it’s reasonable to tick this.

5. Set your security questions

   simPRO will ask you to choose three security questions and provide answers. These are a backup in case you ever don’t have your phone with you. Pick questions and answers you’ll actually remember, then click Next.

6. Done

   Click Go to Dashboard. The setup is complete. You’re now logged in and 2FA is active on your simPRO account.

What signing in to simPRO will look like from now on

On trusted devices, simPRO will only ask for a 2FA code once every 30 days. On a new device or browser, or if you didn’t tick “Trust this device” during setup, you’ll be asked for a code from Google Authenticator each time you log in. The process is the same as with Google - open the app, find the simPRO entry, and type in the code.

If you don’t have your phone with you, click I don’t have my device with me on the login screen and answer your security questions instead.

If you get locked out of simPRO

If you can’t get in and can’t answer your security questions, contact Will - the account admin can reset your 2FA from the employee settings in simPRO, which will let you go through the setup process again from scratch.

---

Common questions

Do I need to set up 2FA separately for Google and simPRO? Yes - they’re separate systems. Both use Google Authenticator, so the same app handles both, but you’ll have two separate entries in the app: one for your Google account and one for simPRO.

Will I be asked for the code every time I open Gmail or simPRO? Probably not on devices you use regularly. Both Google and simPRO are good at recognising trusted devices. You’ll mainly see it when signing in on something new, or every 30 days on simPRO if you ticked “Trust this device.”

What if I get a new work phone? Open Google Authenticator on your old phone, go to the menu, and look for the Transfer accounts option to move your codes to the new device. If you no longer have access to your old phone, contact Will and he’ll help you get back in via admin account recovery for both Google and simPRO.

I got a prompt I didn’t request - what does that mean? Someone is trying to sign in to your account. If you see an unexpected request you didn’t trigger, do not approve it. Change your password immediately and let Will or the management team know.

Can I use my personal phone instead of my work phone? Ideally, use your work phone. If you don’t have one or there’s a reason you can’t, speak to Will before setting anything up.

What about using a text message for Google instead? SMS is supported, but it’s the least secure option and should only be used as a last resort. Your work phone has Google Authenticator already - please use that. simPRO does not offer SMS as an option.

---

If anything in this guide doesn’t match what you see on screen, or you run into a problem at any step, just ask - we’re happy to walk you through it in person at either showroom.