Set Up MFA using hardware token


This article outlines the 3 parts needed to set up your hardware token for MFA:


Part 1. Obtain a MFA hardware token

If you don’t have a mobile device or are unable to use one for MFA, using a hardware token would be an alternative. A hardware token is a small device that displays the 6-digit codes for logging into MFA.

how do I obtain a hardware token?
Please select one of the two options below:
  • For students, alumni, retirees and sponsored accounts who are unable to or cannot use a mobile device for MFA, hardware tokens are available for purchase at the SFU Bookstore either in-store or online.
  • For staff and faculty accounts, please visit Request a Hardware Token.


Part 2. Set up hardware token with MFA

1. Once you've obtained your hardware token, have it ready and nearby.

On your desktop or laptop computer, go to to set up your hardware token. Sign in with your SFU computing ID and password.


2. Once you have successfully signed in, you will see the two options available for MFA enrollment. Select "I have a Hardware Token" to begin your set up process.

Next, read the instructions on the screen to ensure you have the equipment needed for this set up. Select "Continue" when you are ready.


3. On the MFA setup page, enter the serial number located on the back of your hardware token and select "Continue".


4. Push the button on the front of your hardware token to display a 6-digit MFA code. Type in the code shown on the token display.

Next, select "Continue" to proceed to the final step of your MFA enrollment.

Token time drift?

If it's detected that the clock on your MFA token has drifted, you will see the following screen. Enter an additional code from your token to reset your token's time, and select "Continue" to proceed to the final step of your MFA enrollment.


PART 3. Print and store emergency login codes

As the final step of your MFA setup, please do one of the following to keep a record of your emergency login codes:

  • Select "Print Emergency Login Codes" to print out a physical copy of your emergency login codes, or
  • Write down your emergency login codes on a piece of paper. 

Once you have documented and stored your emergency login codes safely, check the box beside "I have printed and securely stored my emergency login codes" and select "Complete MFA Setup".

These 8-digit emergency login codes are one-time use codes, and should only be used as the last resort.

What are the differences between MFA codes and Emergency Login Codes?

There are 2 types of codes you would encounter when using MFA:

MFA code
  • A 6-digit code that refreshes every 30 seconds on your mobile device or hardware token.
  • MFA codes are used for daily logins.
Emergency Login Codes
  • A set of 8-digit codes that are generated during your MFA setup and can be located in the SFU MFA Management App.
  • Emergency logins codes are only used when you do not have access to your usual MFA codes (e.g., forgot/lost/broke your mobile device or hardware token).
How do I securely store my emergency login codes?

Keep your emergency login codes safe by following these important tips:

  • Store your emergency login codes in a safe, accessible place nearby you, such as your wallet.
  • Do not store your emergency login codes on CAS-protected services such as your SFU Mail account, as you won't be able to access them if you don't have your phone or hardware token.
  • Never share your emergency login codes with anyone.
  • You can generate new emergency login codes at any time by going to the SFU MFA Management App.


Congratulations, you've completed your MFA setup!

If your MFA setup was successful, a "Congratulations, your MFA registration is complete" confirmation message will be shown on the final screen.

Your MFA token should now be showing a 6-digit MFA code that changes every 30 seconds.


How do I start using my MFA login?

Log in with MFA is easy as 1-2-3!

  1. Sign in to an SFU application with your SFU Computing ID and password, as you currently do.
  2. Type in the 6-digit MFA code being displayed on your MFA token.
  3. Select "Submit" to sign in. 

Note: Remember to keep your hardware token nearby to sign in using the 6-digit MFA codes. You should only use your 8-digit emergency login codes as the last resort.

What does the “Remember me on this browser for 7 days” checkbox do?

If you do not want to be prompted for MFA every time you log in to a web application, you may check this checkbox to have your browser remembered for 7 days. To view and/or remove the trusted browsers you authenticated to "remember me for 7 days", please visit SFU MFA Management App

Please note that you will be prompted for MFA if you perform any of the following actions:

  • Log in using a different browser and device than the ones you previously authenticated to “remember” your MFA sign-in,
  • Clear your browsing history and/or cookies,
  • Enable the browser to "clear cookies and site data when you close all windows", 
  • Log in under “incognito mode” or “private mode” on your browser, or
  • Log in using the same device and browser after seven days since your last MFA sign-in.


Print Article


Article ID: 3989
Fri 7/8/22 4:52 PM
Wed 2/1/23 12:31 PM

Related Services / Offerings (1)

SFU’s Multi-Factor Authentication (MFA) refers to using two or more independent items to verify your identity, typically something you know (i.e., your SFU computing ID and password) and something you have (i.e., a time-based code).