Multi-Factor Authenticationget help

Is that really you logging in?

Password compromises are more common than you think.

What is Multi-Factor Authentication (MFA)?

"Multi-factor" refers to using two or more independent items to verify your identity, typically something you know (i.e., your SFU computing ID and password) and something you have (i.e., a time-based code).

During this time where work and study from home has increased, attackers are using increasingly sophisticated ways to obtain your password. MFA is one of your best defenses against remote attacks. 

Who needs to set up MFA?

MFA enrollment will be required for all faculty, staff and students.

  • All faculty and staff at SFU will be required to enroll in MFA by May 2021. If you are a faculty of staff member, you can choose to enroll at any time ahead of the deadline to avoid the rush. The MFA project team will be working with faculty and departments to facilitate the adoption for faculty and staff members. If you have a sponsored account, please visit our FAQs for more details.
  • All students, retirees, and any other accounts will be required to enroll in MFA by December 2021, and will be fully supported if they choose to enroll sooner.

Do I need to have cellular service or data coverage to use the MFA mobile application?

No; Aside from the initial app download, MFA applications do not require any internet connection, cell service, or data coverage to function.

How will MFA change the way I sign into SFU systems?

With MFA, you will start by signing into SFU applications with your SFU Computing ID and password as you currently do.  Next, you will be asked to enter a time-based code from an app on your phone – and you’re set. There is also the option of “remembering” your MFA sign-in for seven days.

*Only applications that are protected by the Central Authentication Service (CAS) will ask for the MFA passcode at this time.

How often will I be prompted for MFA?

By default, you will be prompted for your MFA code every time you log into a CAS-protected SFU web application.

If you do not want to be prompted for MFA every time you log in, you may select the  “Remember me on this browser for 7 days” checkbox just below the MFA code field. Upon successful sign in, you will not be prompted for an MFA code for seven days as long as you are using the same browser and device/computer.

Please note that the ‘Remember me’ setting will not work if you perform any of the following actions:

  • Log in using a different device and browser than the ones you previously authenticated to “remember” your MFA sign-in,
  • Clear your browsing history and/or cookies,
  • Log in under “incognito mode” or “private mode” on your browser, or
  • Log in using the same device and browser after seven days since your last MFA sign-in.

*To view and/or remove the browsers you’ve allowed to “remember” your MFA login, please visit the SFU MFA Management App.

Which SFU applications are protected by MFA?

MFA is currently enabled for all web applications that are protected by the Central Authentication Services (CAS). Prominent applications include:

CAS-protected web applications
  • SFU Mail
  • Canvas
  • SharePoint
  • Maillist
  • AEM (author.sfu.ca)
  • goSFU 
  • FINS
  • myINFO

Please note that future services will require you to be enrolled in MFA. More details will be announced with the new services.

 

How do I set up MFA?

The initial setup includes three steps which will take approximately 10 minutes.

*Ensure to enroll at a time when you do not need to log into any CAS-protected applications, as you will not be able to log in until the setup is complete.

How do I manage MFA settings after enrollment?

Manage the following MFA settings using the  SFU MFA Management App:

Change MFA Devices

Change which device you use for MFA.

 

Backup Code Management

View your current backup codes and/or generate new backup codes.

Change MFA Applications

Change which mobile application you use for MFA.

 

Trusted Browsers Management

View and/or remove the trusted browsers you authenticated to “remember you”.

Have questions? Please see our collection of Frequently Asked Questions.

For additional assistance, please contact your department’s IT staff or the IT Service Desk.