Multi-Factor Authenticationget help

What is multi-factor authentication (MFA)?

MFA adds an extra layer of protection to your login

Currently we are using one single factor of authentication, i.e. password, to log into systems at SFU. Multi-factor authentication will combine two or more independent credentials, such as password, mobile phone or biometrics, as your login method. It will create a layered defence and make it more difficult for an unauthorized person to access your SFU systems on your behalf. If one factor is compromised, there will be at least one more barrier to block the attacker.

Check out more details if you have questions about:

  • Who needs to enroll in MFA and when?
  • What type of MFA will be used at SFU?
  • What SFU systems will be protected by MFA?

How to set up MFA

Set up MFA on a mobile device in 3 steps

The initial setup includes three steps which will take approximately 10 minutes. 

Ensure you enroll at a time you do not need to login to any CAS enabled applications, as you won't be able to login until the setup is complete.

Using a hardware token

Don’t have a mobile device or don’t want to use your device for multi-factor authentication? Alternatively, you can request a hardware token.

To request a multi-factor authentication hardware token, please email There is no cost for a hardware token.

Already using Duo at SFU?

I already use Duo to access SFU Cloud. What should I do?

You are welcome to also use Duo for access to CAS-protected systems at SFU. For access please email

Tips on using MFA

Using MFA means you will need your mobile device or hardware token every time trying to log into a CAS-protected system, such as SFU Mail. Check out our tips and keep up with the changes MFA brings to your login routines.

Have questions?

Please check out our Frequently Asked Questions, or contact us using the Get Help button at the top.