Helpful resources
- Enrol your mobile device in the Duo Mobile App
- Add a second and/or backup device should you lose/forget your primary device
- Learn how to generate backup, single-use authentication codes
- Learn more about other second-factor options
- Review 2FA FAQ’s and learn more about this change
- When logging in to a supported system, select the Remember me for 30 days option to reduce the number of authentication prompts received for that system
- Employees who would prefer to use a token authenticator should complete the 2FA Token Request form (Note: this process takes approximately three weeks)
- Duo 2FA and the virtual private network (VPN)
About two-factor authentication (2FA)
What is two-factor authentication?
Two-factor authentication (2FA) adds an extra layer of security to your University accounts.
Verifying your identity using a second factor (like your phone or other mobile device) prevents others from accessing your accounts, even if they know your password.
Watch the 2FA recorded seminar to learn more! (authentication required)
Do I have to use 2FA?
2FA is required by all University students and employees to access 2FA supported services.
You are encouraged to enrol in this service using the Duo Mobile App for the most secure and convenient 2FA experience. Don't have a phone or would prefer an alternate option? See our list of second-factor alternatives or contact your 2FA Change Champion for support.
2FA supported services
- Office 365 web portal
- Outlook web app (OWA)
- LEARN, Quest
- Workday, Concur, Unit4
- Campus virtual private network (VPN)
- Other applications that support single sign-on
How does it work?
Logging into 2FA protected sites and applications is as simple as accepting a notification on your phone, plugging in an authenticator, or entering a PIN from a text message or phone call. Enrol once to protect all of your supported services.
Helpful tip: Reduce the number of authentication prompts you receive from an applications each month by selecting Remember me for 30 days.
Enter your password
Use your phone to verify your identity
You're securely logged in
Get started
Ready to add your device?
Go to: https://2fa.uwaterloo.ca/duo/enrol
Please note
If you begin the enrolment process, but don't complete it, you will be considered opted in and will be challenged when logging in to 2FA protected applications or websites. 2FA is required to access many campus systems.
Text-based guide
IST has created a text-based enrollment guide you may prefer to review.
System requirements
Download the Duo Mobile app
Select a second factor tool and manage your devices
There are a number of criteria to consider in selecting a second factor option.
Already enrolled? View our Duo device management support article and then visit the Device Management Portal to add a device or manage an existing device.
See what your colleagues and classmates are saying about 2FA
“As someone with elevated access in Workday 2FA provides an added layer of security on my account. It is comforting to know that if my account is compromised there is that additional safety net protecting myself and the campus.”
Trevor Ridgway
HR Systems Support Administrator
“I’m really liking the 2-factor authentication. Really smooth and easy."
Kelly Grindrod
Associate Professor, School of Pharmacy
"2FA has provided us with an additional layer of comfort for technologies that manage HR and employee sensitive information. We can be assured that if log in information is compromised, 2FA provides an additional layer of protection to ensure that our data and processes are protected against misuse.”
Kimberly Snage
Director, HR Projects, Technology & Analytics
“The 2FA is an extra precaution to password protection. The setup of the 2FA was simple; you received your 2FA and when you logged in, you pushed the button on it and it gave you a number to type in. It also let you set up whether you wish to use just your 2FA, or set up the DUO App (cell phone) and use both. I choose the DUO as I did receive two 2FA’s that did not work very well so I now just use my cell phone and do not have the Token.
I would recommend the 2FA because it gives that added password protection and peace of mind.”
- Linda Bloos, Records Coordinator - Environment and Arts, Registrar’s Office
“All employees in our unit were required to use 2FA since September 2019 to protect data we access daily. Instructions provided were clear and it was easy to set up. When on campus, I use the token since it's on my key chain and I always have my keys with me. But since transitioning to working from home, I've also transitioned to using the Duo App since I don't carry my keys and my mobile phone is always nearby. After a while, you do get used to having to confirm your log in request via 2FA and it becomes second nature and part of the normal sign in process.”
Danielle Jeanneault, Editor, Undergraduate Calendar and Manager, Communications
Registrar's Office
“Two-Factor Authentication (2FA) is an extra step in logging on to web pages to make sure it's really you who's trying to access the site and, ultimately, your important information. Beside your typical username and password, 2FA asks you to confirm that you're actually the person accessing the account.
At Waterloo, the most common way is for you to get a notification either on your phone - through an app or a text message - or on a special device (that the University provides) called a token. After you've entered your username and password, the system will send you a request on your phone or on the token. You can either directly confirm it's you on the app or token, or you can get a code by text that you would input on the web page.
I've been using 2FA for Quest and other UW systems for more than a year. The setup was really easy and using the software doesn't cause any real problems, as long as you have your phone or the token handy. After a little while, you start to remember to keep these things with you when you're accessing web pages that need them.
The 2FA system is also smart enough to not require the additional step every time. For your email, you only have to go through the 2FA system once per month. For quest, you only have to do it once per day. The added safety that 2FA offers is really important to the security of our systems. If the CRA had used 2FA, the recent data breach that allowed 6000 accounts to be hacked wouldn't have been possible. The 2FA system reflects best practices in security and I applaud the University for taking these steps.”
- Jeff Casello Associate Vice-President, Graduate Studies and Postdoctoral Affairs