Set Up MFA using mobile device

OVERVIEW

This article outlines the 3 parts needed to set up your mobile device for MFA, and it should only take approximately 5 minutes:

 

Part 1. Install a MFA Mobile App

On your mobile device, go to the App Store (iOS) or Play Store (Android) and install "LastPass Authenticator":

Note: Please download “LastPass Authenticator” and not “LastPass Password Manager”.

SFU is not affiliated with LastPass Authenticator or any third-party MFA applications. You are free to choose any of the MFA mobile apps that support the TOTP protocol.

Why is LastPass Authenticator recommended?

We recommend LastPass Authenticator because:

  1. It's free to use,
  2. It does not collect personal information (only requests file permissions for storing your MFA locally, and camera permissions for scanning QR code),
  3. It does not require an internet connection to function (aside from the initial app download), and
  4. It's reputable and well-known MFA mobile app.

Note: SFU recommends LastPass Authenticator because of the user benefits described above, but we are not affiliated with LastPass Authenticator or any third-party MFA applications. You are free to choose any of the MFA mobile apps that support the TOTP protocol.

I already have an app that does MFA, can I use that?

Applications that support the TOTP protocol will work for MFA at SFU. If you already have a MFA application that you are using for other services, you may continue to use that application for MFA at SFU as well.

Note: SFU recommends LastPass Authenticator because of the benefits it provides to users, but we are not affiliated with LastPass Authenticator or any third-party MFA applications. You are free to choose any of the MFA mobile apps that support the TOTP protocol.

*TOTP (Time-based One-time Password) protocol for multi-factor authentication requires a time-based (30 second) code that the user must enter. It changes every 30 seconds to maximize security.

 

Part 2. Set up mobile device with MFA

1. Have your MFA mobile app ready and nearby

On your desktop or laptop computer, go to mfa.sfu.ca to set up your mobile device. Sign in with your SFU computing ID and password.

 

2. Once you have successfully signed in, you will see the two options available for MFA enrollment. Select "I'll use my Mobile Device for MFA" to begin your set up process.

Next, read the instructions on the screen to ensure you have the equipment needed for this set up. Select "Continue" when you are ready.

 

3. On the MFA setup page, you are presented with 3 steps that correspond with the following sub points (i.e., 3a, 3b, and 3c):

3a) Launch the MFA mobile app on your device, and select "Add new account".

 

3b) Scan the QR code presented on the MFA setup page using your mobile device.

Once the account is added, a "Need backup?" consent window may pop up on your mobile app asking to save your account as a backup. Select "No thanks".

Can't scan the QR code? 

  1. On the MFA setup page, select the "Can't Scan QR code" button.
  2. Go to your MFA mobile app and select "No QR code?". Fill in the fields presented on your MFA mobile app and select "Save" when you are ready.

 

3c) Once you have registered your mobile app, type in the 6-digit MFA code presented in the app.

Next, select "Continue" to proceed to the final step of your MFA enrollment.

 

PART 3. Print and store emergency login codes

As the final step of your MFA setup, please do one of the following to keep a record of your emergency login codes:

  • Select "Print Emergency Login Codes" to print out a physical copy of your emergency login codes, or
  • Write down your emergency login codes on a piece of paper. 

Once you have documented and stored your emergency login codes safely, check the box beside "I have printed and securely stored my emergency login codes" and select "Complete MFA Setup".

These 8-digit emergency login codes are one-time use codes, and should only be used as the last resort.

What are the differences between MFA codes and Emergency Login Codes?

There are 2 types of codes you would encounter when using MFA:

MFA code
  • A 6-digit code that refreshes every 30 seconds on your mobile device or hardware token.
  • MFA codes are used for daily logins.
Emergency Login Codes
  • A set of 8-digit codes that are generated during your MFA setup and can be located in the SFU MFA Management App.
  • Emergency logins codes are only used when you do not have access to your usual MFA codes (e.g., forgot/lost/broke your mobile device or hardware token).
How do I securely store my emergency login codes?
Keep your emergency login codes safe by following these important tips:
  • Store your emergency login codes in a safe, accessible place nearby you, such as your wallet.
  • Do not store your emergency login codes on CAS-protected services such as your SFU Mail account, as you won't be able to access them if you don't have your phone or hardware token.
  • Never share your emergency login codes with anyone.
  • You can generate new emergency login codes at any time by going to the SFU MFA Management App

 

Congratulations, you've completed your MFA setup!

If your MFA setup was successful, a "Congratulations, your MFA registration is complete" confirmation message will be shown on the final screen.

Your MFA mobile app should now be showing a 6-digit MFA code that changes every 30 seconds.

 

How do I start using my MFA login?

Log in with MFA is easy as 1-2-3!

  1. Sign in to an SFU application with your SFU Computing ID and password, as you currently do.
  2. Type in the 6-digit MFA code being displayed on your MFA mobile app.
  3. Select "Submit" to sign in. 

Note: Remember to keep your mobile device nearby to sign in using the 6-digit MFA codes. You should only use your 8-digit emergency login codes as the last resort.

What does the “Remember me on this browser for 7 days” checkbox do?

If you do not want to be prompted for MFA every time you log in to a web application, you may check this checkbox to have your browser remembered for 7 days. To view and/or remove the trusted browsers you authenticated to "remember me for 7 days", please visit SFU MFA Management App

Please note that you will be prompted for MFA if you perform any of the following actions:

  • Log in using a different browser and device than the ones you previously authenticated to “remember” your MFA sign-in,
  • Clear your browsing history and/or cookies,
  • Enable the browser to "clear cookies and site data when you close all windows", 
  • Log in under “incognito mode” or “private mode” on your browser, or
  • Log in using the same device and browser after seven days since your last MFA sign-in.

 

Details

Article ID: 3988
Created
Fri 7/8/22 4:17 PM
Modified
Wed 2/1/23 12:28 PM

Related Services / Offerings (1)

Multi-Factor Authentication
SFU’s Multi-Factor Authentication (MFA) refers to using two or more independent items to verify your identity, typically something you know (i.e., your SFU computing ID and password) and something you have (i.e., a time-based code).