Multi-factor Authentication (MFA)


Students: Access to UBC services from off-campus now require MFA

Multi-factor authentication is now mandatory for all faculty, staff, and students. Having trouble enrolling? Review these common troubleshooting steps before contacting the IT Service Centre.

As part of our ongoing effort to keep personal information at UBC secure, multi-factor authentication (MFA) has been introduced across the University. By adding MFA to applications that use UBC’s Campus-wide Login (CWL), we have strengthened security with an additional layer of protection, requiring two or more items to verify a user’s identity:

  • something you know (i.e. your password), and
  • something you have (i.e. a trusted mobile phone or hardware token).

UBC's multi-factor authentication is provided by Cisco Duo, a trusted cloud-based MFA solution utilized by over 300 educational institutions in North America, including UCLA, Harvard, University of Toronto and Toronto Metropolitan University.



UBC students, faculty and staff

Further Information

Why is multi-factor authentication (MFA) necessary?

Implementing multi-factor authentication technology is UBC's best protection against stolen credentials and is a key mitigating tool against spam/phishing emails.

For many years at UBC, faculty and staff and students were able to log in to most UBC web applications with just their CWL username and password, regardless of physical location, risk profile, or information they were accessing. This was a substantial risk, as anyone in possession of stolen CWL credentials could access all information available to that user.

In the current environment, where credentials are being stolen or inadvertently given away through email phishing campaigns, UBC saw the need to add another layer of authentication through MFA to ensure its private and sensitive information is kept secure. In addition, MFA protection is a legal requirement in the case of Payment Card Industry (PCI) transactions and certain personal health information systems.

Getting Started

Adding MFA protection to your CWL account takes just two steps:

  • Step 1: Log in to MFA Device Management Website
    Using your CWL username and password, log in to the Self-service MFA Enrollment and Device Management website at

  • Step 2: Enroll your device
    Follow the detailed step-by-step instructions to enroll your first device. Once you are enrolled you can manage any of the authentication methods associated with your account, including adding or removing a device.


If you have trouble with multi-factor authentication: