General MFA Questions
What is Multi-Factor Authentication (MFA)?
By setting up multi-factor authentication (MFA), you add an extra layer of security to your sign-ins. Multi-factor refers to using two or more items to verify your identity when you sign in, typically:
- something you know (i.e., your TWU email and password) and
- something you have (e.g., a 6-digit time-based code or notification on your phone).
This creates a layered defense, preventing unauthorized access from your TWU account even if your password is compromised.
Who needs to set up MFA?
MFA is mandatory for all current TWU students and employees. MFA is also mandatory for any Alumni who require access to their TWU Account (including emails).
How is the information I register protected?
If you choose to register an email address or download an authenticator app, they are only used to confirm your identity; either before resetting your password, or as an additional trust mechanism when required.
We understand concerns about privacy, and MFA is designed to enhance privacy and security. Most of the TWU community will have already used MFA when interacting with other universities, banking institutions, healthcare, or other personal services. Similar to these other institutions, TWU community members will enroll in the methods that they decide will be used to validate their identity. This information remains protected and secure in our Canadian tenant.
What services are protected by MFA?
MFA protects sign-ins to most services accessed through a browser when you sign in using your TWU email address. Examples include Outlook/M365, Moodle, and the Self-Service Links within TWU. If you see this TWU-branded login screen, your login may be protected by MFA:
Why am I being asked to download an app?
As TWU moves to the cloud, for all its substantial benefits, we want to keep your information safe. The largest threat we face is password compromise, usually by hacking of third-party services, phishing, or weak passwords. Credential theft is easy and occurs frequently. By registering for MFA using an app, it can be used instead of, or in addition to, a password. We recommend using the Microsoft Authenticator app.
By registering for MFA, you also unlock self-service password reset. Self-service password reset (SSPR) allows you to easily unlock your account and change your password. Regardless of if the password was forgotten, or must be reset due to a suspected compromise; you can unlock your account, change your password, and get access restored: anytime, anywhere.
Is this really necessary, are other Universities doing this?
Reports from higher education institutions within BC, and across Canada, show that MFA is becoming universally adopted. Outside higher education, the banking system and financial institutions have completely adopted this to protect their customers' savings and investments. Health systems in Canada are also starting to adopt this for patient privacy, as the United States has already done.
Questions about Using MFA
How does MFA change the login experience?
When you sign in to a TWU service, you will use your email address and password as usual. Depending on the type of login, you may be asked to pass the MFA prompt by using the method(s) you chose to register - this could mean retrieving a 6-digit code, approving a notification on your phone, or using a security key.
How often will I be prompted for MFA?
You should be prompted for MFA no more than once a day. MFA can be triggered if your login comes from off-campus, or if there is something unusual about the sign-in (e.g., a new location or a new device).
I still have questions
The Information Technology Department, together with the Service Hub are working hard to provide you with as much information as we can. Because this is an ongoing project, we will continue to provide information to you as the project progresses. Please keep an eye on the MFA Knowledge Base section as well as your emails, this is where you will be receiving updates about this project.
In the meantime, if you have an urgent question, please Ask the Service Hub and we will try our best to answer as much as we can.