2-Step Verification FAQs

What is 2-Step Verification?

2-Step Verification adds an extra layer of security to your GM access. The purpose is to increase security when performing actions on the computer that can involve access to, or transfer of, sensitive GM or personal information.

While login security is often handled using just a GMID and a password or login at a partner service such as Covisint, 2-Step Verification adds an extra operation (a second step) to some logins by prompting for a verification code. The verification code can be obtained in a number of ways, and all of these are setup in advance. Examples of how codes can be obtained are via a soft token, text or email.

Who is required to perform 2-Step Verification?

Everyone (GM or non-GM) accessing any internal system from outside of the GM network is required use 2-Step Verification. If the use of 2-Step Verification has a severe and adverse impact on an existing GM business process, contact the responsible GM IT system owner to discuss a deviation until a suitable solution is identified.

Where do Suppliers manage 2-Step preferences?

Suppliers are not allowed to change 2-Step Preferences via All SupplyPower users must change 2-Step email and 2-Step Phone via the Covisint Portal > Comply > 2-Step Verification Profile

Where do Joint Ventures (JVs) manage 2-Step preferences?

JVs change 2-Step Verification Preferences from the Covisint Page. Under the Covisint Applications section, select 2-Step Verification Profile. Currently, JVs are also allowed to manage their 2-Step Verification Profile by going to the GMID website at 2-Step Verification Preferences.

Where will I see 2-Step Verification happen?

The time you will most often be challenged for 2-Step Verification is for web access to GM from the Internet (such as using Socrates from your home computer). This applies to your web access to both documents and applications.

If you have logged on to a partner site such as GM SupplyPower or GM AlliancePower without 2-Step Verification, links to access to GM content may bring about the prompts for 2-Step Verification.

There are other times within the GM intranet where 2-Step Verification may happen. That will either be for specific applications that request the additional security step, or for very specific security sites which are most often only used by IT security personnel.

What does 2-Step Verification look like?

2-Step Verification will look like another kind of login prompt.

Typically it will be a window or box that is asking for a "Verification Code". When the correct code is entered, the prompt will go away, and your access to your GM application or content will continue as normal.

The options that are available for receiving your verification code will depend upon the options that you have setup in advance.

Here is an example of the 2-Step Verification prompt for web access to GM from the Internet:

How do I get a Verification Code?

A verification code will typically be a number that is at least six digits. It is either sent to you at a pre-configured location (phone or email account), or can be generated by something you have setup (like an application on mobile device or on computer or a specially configured token).

GM supports a wide variety of methods for obtaining verification codes, because we know that no single solution will work for all users all the time. The Soft Token option is the preferred method, since the 2-Step code is generated within the mobile phone app rather than a system sending you a 2-Step code.

How often will I need to perform 2-Step Verification?

The frequency of verification will vary.

For the common case (Internet access into GM) you have the option to store a record of your verification in your browser, and not be prompted again up to 90 days.

The “memory” 2-Step on the device is tied to your browser, and your GMID. Changes to any of these can cause re-verification. So if you update your browser, clear your cookies, or change your GMID password, any of these could cause re-verification.

Other applications may not allow such a setting, and they may require 2-Step Verification each time you use them, or each time you use a specific function within the application. These settings will be controlled by each individual application using 2-Step Verification.

How do I set up my email and phone number for 2-Step Verification?

Setup of 2-Step Verification depends upon your relationship to GM.

Employees & Contractors:

You can setup your 2-Step preferences by going to the GMID website at On the site there is a link for 2-Step Verification Preferences under the Account Maintenance section. This setup will require you to know your GMID and password.

Suppliers & Joint Ventures/Alliance Partners:

If you are a Supplier or a Joint Venture/Alliance Partner managed through Covisint, you should manage your 2-Step Verification Profile by clicking the link on the Covisint site. For Joint Ventures, this setup will require you to know your GMID and password.


  • The GMID site within GM cannot be used to setup 2-Step Verification preferences.

Suppliers Reset 2-Step Verification preferences process, what is it?

If a supplier is locked out of 2-Step Verification due to lost phone or email issues, the only way to have your 2-Step Verification preferences reset is by utilizing the Reset 2-Step Verification Preferences process.

IMPORTANT: This process will remove all your 2-Step Verification Preferences. You will need to contact your work with an Approver at your company to regain access.

Begin the Reset 2-Step Verification Preferences process, via the Covisint Portal > Comply > 2-Step Verification Profile. Click the help icon.

Click the Reset 2-Step Preferences button to begin the process.

Based on your company, you will be provided with a list of Approvers at your company that can help you. You must select one to proceed.

What if I’m not able to get onto the GM Network to setup 2-Step Verification?

Employees & Contractors:

As an alternative to the first-time setup at the GMID site, you can have someone in GM submit an ITRSC request which is labeled “Create or Modify 2-Step Verification Security Preferences” on your behalf. This request can be submitted by a fellow GM employee, or by calling the IT Service Desk. Once submitted, your GM manager must approve the request before the changes will be available for 2-Step Verification.

Only email and phone numbers can be set using this process.

Suppliers & Joint Ventures/Alliance Partners:

Are provided a 2-Step Verification process. Please see the previous FAQ

What is a “Soft Token”, and how do I get one?

A “Soft Token” is a verification code generated from a device or app on your mobile phone. Once setup, the app will generate 2-Step Verification codes without any connection to GM.

The 2-Step Tokens page will have instructions and allow you to add, remove, or verify any existing tokens that you may have.


  • Soft Tokens are available to all users regardless of relationship to GM.
  • Microsoft Authenticator is the preferred mobile application.
  • Note: China Android will need to use WeChat Authenticator because of the unavailability of Google Play Store in China. For further help, contact your Joint Venture Security Admin or Application Access Team Representative.

Error - I received the message: “Authentication Failed: No 2-Step Verification Methods Available.”

This message will appear if you have not setup any of the 2-Step verification methods and you cannot proceed with login. Please refer to the section “How do I set up my email and phone number for 2-Step Verification?”

Error - I received the message: “Authentication Failed” when logging on using my mobile device?

Some special characters (e.g. ‘.’ (Periods), or ‘!’ (exclamation points)) when used in passwords will have an extra space inserted after they are typed by the mobile device software. Be very careful that your password is not getting any additional characters added when entering it on the mobile device.

This can often be seen on Android devices when using the chrome browser.

Solutions can be: Try upgrading the standard browser to the latest version. Try using firefox or dolphin. Change your password to use a different special character such as ‘@’ or ‘#’ instead.

Error - I received the message: “Authentication Failed” when using my mobile phone, but also received a Verification Code?

If you have bookmarks previously set on your phone, sometimes this can cause an error message. It is recommended that you delete that bookmark, and then resave it. You can also manually enter the complete URL in your browser instead of using the bookmark.

Help - I am not receiving a text message Verification Code?

There are many possible causes for missing text messages.

First please check that your phone number is correct and is in the correct format. If you use the site for phone number setup, the correct format is enforced, but Suppliers and Joint Ventures/Alliance Partners need to pay particular attention to proper entry of all characters.

Some carriers do not allow their subscribers to receive text messages from our verification service. It requires a call to your mobile provider to have the ability enabled. This primarily applies to mobile service providers in North America, but may apply to some other countries as well. Other reasons may be:

  • Your mobile phone may not be getting service
  • You may not have a text plan on your mobile phone
  • Your mobile carrier is not supported at this time. Please review the list of supported carriers to see if your particular carrier is supported.
  • You may have responded “STOP” to the number from which you received the verification code; you should contact the global service desk.

Help - I am not receiving a phone call to tell me my Verification Code?

Your phone may not be getting service, or your phone number may not have been entered correctly on your profile. Please refer to the section “I am not receiving a text message Verification Code” for information and rules about the proper format for phone numbers.

When you request verification by phone you will receive a phone call. To approve sign-on for your GM account press the “#” key on your phone. To deny access hang up.

Help - I received more than one verification code, which one should I use?

If you received more than one verification code and have not used any of them, you MUST use the most recent code that was sent, and forget about the others.

Help - I entered my GMID credentials on my mobile phone and the 2-Step Verification window did not appear?

If the 2 Step Verification window does not appear, and this is preventing your access, you may have to disable your pop-up blocker (consult your browser or phone manual for instructions).

I selected the box “Remember this device for several days”, why am I still being asked for a verification code?

The “memory” 2-Step on the device is tied to your browser, and your GMID. Changes to any of these can cause re-verification. The new 2-Step Verification you see could be due to any of the following reasons:

  • You may have recently changed your GMID password
  • You may have updated your browser, which could clear its memory
  • You have changed devices and you have not used this one for 2-Step Verification recently
  • Your browser settings may be:
    • Deleting your history when you exit
    • Running in “private mode”
  • 90 days may have passed since you last performed 2-Step Verification (time flies!)

I’m logging in via my GM computer, why am I getting prompted for 2-Step?

First, please review the section “Where will I see 2-Step Verification happen”.

The most common cause for seeing 2-Step Verification on your GM computer will be that you are either offsite or connected to an external (non-GM) network. When that happens, instant messenger and other automatically started programs can trigger a 2-Step Verification prompt. This is especially true when your computer is coming out of sleep mode. The reason for this is that the programs are trying to connect to GM via the Internet before the VPN connection has been established. If this is the case, give your VPN connection time to establish, and then close the instant messenger or other program, and restart it.

Another reason this may happen is that someone has sent you a link to a document specifically sending you outside GM’s intranet in order to retrieve the document. In that case you will be using the external gateways which will prompt for 2-Step Verification.

When answering security questions, there were odd characters like “%20#amp” etc. as part of my security questions?

This should only apply to the users who setup their 2-Step Verification security questions prior to May 20, 2013. If you experience this, you can make any minor edit to the questions (see “How do I setup my personal security questions for 2-Step Verification”) on the GMID site, which will reset and save the questions/answers in the correct format.

Still having issues?

If you experience any issues with 2-Step Verification, please contact the GM Service Desk.