OVERVIEW
An extra layer of protection for your account
Is that really you logging in? In a remote work environment, attackers are using increasingly sophisticated ways of obtaining your password.
SFU’s Multi-Factor Authentication (MFA) is an extra layer of protection that can be added to your SFU account to drastically increase its security.
By using MFA, your digital identity, data, and access to systems are still protected even if your password is compromised.
Did you know?
- On average, there are 4,000,000+ logins per month to SFU web applications protected by CAS.
- Each month, SFU detects and remediates 200+ unauthorized logins from stolen, phished, or guessed credentials.
- It only takes one compromised account to put digital identities, sensitive data, and infrastructure at high risk.
HOW DOES MFA WORK?
"Multi-factor" refers to using two or more independent items to verify your identity, typically:
- something you know (i.e., your SFU computing ID and password), and
- something you have (i.e., a time-based passcode from your mobile device/hardware token).
This creates a layered defense, preventing further unauthorized access from your SFU account if your password is compromised.
What SFU applications are protected by MFA?
Currently, MFA at SFU is implemented for web applications that use SFU's Central Authentication Service (CAS) for authentication. You will be prompted for your MFA code when you sign into most web applications and/or services at SFU, including:
Learn more about CAS
What is using MFA like?
Currently, only your password is used to verify that it’s you logging in with your SFU Computing ID.
With MFA, you’ll enter your password as you currently do, and then will be asked for a time-based MFA code that only you have access to on your mobile device/hardware token. There is also the option of “remembering” your MFA sign-in for seven days.
Even if an attacker obtains your password, they won’t be able to complete the login process without the time-based code. This is how MFA acts as an additional layer of defense to protect against unauthorized access to your data.
Please note, your mobile device/hardware token will need to be close by when you sign into a CAS-protected application.
What if my mobile device/hardware token is left at home, is lost, or runs out of battery?
In the case where you don't have your phone or hardware token with you, you can use one of your emergency login codes for access to your SFU account.
- Where to locate your emergency login codes: When you first set up multi-factor authentication, you will be given a list of one-time emergency login codes. Be sure to print them or write them down, and store them in a safe, accessible place, such as your wallet.
- If you have already gone through the MFA setup process and did not print or write down the list of emergency login codes for safekeeping, sign into the SFU MFA Management App to retrieve or generate new emergency login codes before you find yourself without your mobile device/hardware token.
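The sketch below is an added example, not SFU's or CAS's code. It shows how a server could check the second factor described above: a time-based code is accepted once, and an emergency login code is consumed on use. It assumes the time-based code is standard TOTP (RFC 6238, 30-second step, 6 digits, HMAC-SHA1), which the page does not specify; `SecondFactor` and its fields are hypothetical names.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (RFC 6238 default; assumed, not stated on the page)
DIGITS = 6   # code length (assumed)

def totp(secret: bytes, at: int) -> str:
    """RFC 6238 code for Unix time `at`: HMAC-SHA1 plus dynamic truncation."""
    counter = struct.pack(">Q", at // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class SecondFactor:
    """Hypothetical per-account state for the step that follows the password."""

    def __init__(self, secret: bytes, emergency_codes):
        self.secret = secret
        # Store only hashes of the one-time emergency codes.
        self.emergency = {hashlib.sha256(c.encode()).digest()
                          for c in emergency_codes}
        self.last_step = -1  # highest time step already accepted (replay guard)

    def verify(self, submitted: str, now: int):
        """Return "totp", "emergency", or None if the code is rejected."""
        current = now // STEP
        # Tolerate one step of clock drift on either side of the server time.
        for step in (current - 1, current, current + 1):
            expected = totp(self.secret, step * STEP).encode()
            if step > self.last_step and hmac.compare_digest(
                    expected, submitted.encode()):
                self.last_step = step  # the same code cannot be used twice
                return "totp"
        digest = hashlib.sha256(submitted.encode()).digest()
        if digest in self.emergency:
            self.emergency.remove(digest)  # emergency codes are single use
            return "emergency"
        return None
```

A stolen password alone never reaches a successful `verify` result, and a code observed in transit is rejected when replayed because its time step has already been accepted.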
Ready to set up MFA?
The initial setup has three parts and takes approximately 5 minutes.
Set Up MFA