Multi-factor Authentication (MFA)

Overview

Important: MFA will be mandatory, Month XX, 2024, for accessing the campus VPN

Beginning Month XX, 2024, MFA will be required to access the campus VPN. Familiarize yourself with the new login process before this date to minimize any inconvenience. Connect to the UBC VPN with MFA.

As part of our ongoing effort to keep personal information at UBC secure, multi-factor authentication (MFA) has been introduced across the University. By adding MFA to applications that use UBC’s Campus-wide Login (CWL), we have strengthened security with an additional layer of protection, requiring two or more items to verify a user’s identity:

  • something you know (i.e. your password), and
  • something you have (i.e. a trusted mobile phone or hardware token).

UBC's multi-factor authentication is provided by Cisco Duo, a trusted cloud-based MFA solution utilized by over 300 educational institutions in North America, including UCLA, Harvard, University of Toronto and Toronto Metropolitan University.


Requirements

Audience

UBC students, faculty and staff


Further Information

Why is multi-factor authentication (MFA) necessary?

Implementing multi-factor authentication technology is UBC's best protection against stolen credentials and is a key mitigating tool against spam/phishing emails.

For many years at UBC, faculty and staff and students were able to log in to most UBC web applications with just their CWL username and password, regardless of physical location, risk profile, or information they were accessing. This was a substantial risk, as anyone in possession of stolen CWL credentials could access all information available to that user.

In the current environment, where credentials are being stolen or inadvertently given away through email phishing campaigns, UBC saw the need to add another layer of authentication through MFA to ensure its private and sensitive information is kept secure. In addition, MFA protection is a legal requirement in the case of Payment Card Industry (PCI) transactions and certain personal health information systems.


Getting Started

Adding MFA protection to your CWL account takes just two steps:

  • Step 1: Log in to MFA Device Management Website
    Using your CWL username and password, log in to the Self-service MFA Enrollment and Device Management website at https://mfadevices.id.ubc.ca.
  • Step 2: Enroll your device
    Follow the detailed step-by-step instructions to enroll your first device. Once you are enrolled you can manage any of the authentication methods associated with your account, including adding or removing a device.

Support

If you have trouble with multi-factor authentication: