Helpful resources


About two-factor authentication (2FA)

What is two-factor authentication?

Two-factor authentication (2FA) adds an extra layer of security to your University accounts.

Verifying your identity using a second factor (like your phone or other mobile device) prevents others from accessing your accounts, even if they know your password.

Watch the 2FA recorded seminar to learn more! (authentication required)

Do I have to use 2FA?

2FA is required by all University students and employees to access 2FA supported services.

You are encouraged to enrol in this service using the Duo Mobile App for the most secure and convenient 2FA experience. Don't have a phone or would prefer an alternate option? See our list of second-factor alternatives or contact your 2FA Change Champion for support.

2FA supported services

  • Office 365 web portal
  • Outlook web app (OWA)
  • LEARN, Quest
  • Workday, Concur, Unit4
  • Campus virtual private network (VPN)
  • Other applications that support single sign-on

How does it work?

Logging into 2FA protected sites and applications is as simple as accepting a notification on your phone, plugging in an authenticator, or entering a PIN from a text message or phone call. Enrol once to protect all of your supported services.

Helpful tip: Reduce the number of authentication prompts you receive from an applications each month by selecting Remember me for 30 days.

 enter password as usual

Enter your password

 verify your identify using your phone

Use your phone to verify your identity

 you are securely logged in

You're securely logged in

Get started

Ready to add your device?
Go to:

Get started now

Please note

If you begin the enrolment process, but don't complete it, you will be considered opted in and will be challenged when logging in to 2FA protected applications or websites. 2FA is required to access many campus systems.

Text-based guide

IST has created a text-based enrollment guide you may prefer to review.

View the enrolment guide.

System requirements

Download the Duo Mobile app


    Select a second factor tool and manage your devices

    There are a number of criteria to consider in selecting a second factor option


    Already enrolled? View our Duo device management support article and then visit the Device Management Portal to add a device or manage an existing device




    See what your colleagues and classmates are saying about 2FA

    “As someone with elevated access in Workday 2FA provides an added layer of security on my account. It is comforting to know that if my account is compromised there is that additional safety net protecting myself and the campus.”

    Trevor Ridgway

    HR Systems Support Administrator


    I’m really liking the 2-factor authentication. Really smooth and easy."

    Kelly Grindrod

    Associate Professor, School of Pharmacy

    "2FA has provided us with an additional layer of comfort for technologies that manage HR and employee sensitive information.  We can be assured that if log in information is compromised, 2FA provides an additional layer of protection to ensure that our data and processes are protected against misuse.”

    Kimberly Snage

    Director, HR Projects, Technology & Analytics


    “The 2FA is an extra precaution to password protection. The setup of the 2FA was simple; you received your 2FA and when you logged in, you pushed the button on it and it gave you a number to type in.  It also let you set up whether you wish to use just your 2FA, or set up the DUO App (cell phone) and use both.  I choose the DUO as I did receive two 2FA’s that did not work very well so I now just use my cell phone and do not have the Token.

    I would recommend the 2FA because it gives that added password protection and peace of mind.”

    - Linda Bloos, Records Coordinator - Environment and Arts, Registrar’s Office

    “All employees in our unit were required to use 2FA since September 2019 to protect data we access daily. Instructions provided were clear and it was easy to set up. When on campus, I use the token since it's on my key chain and I always have my keys with me. But since transitioning to working from home, I've also transitioned to using the Duo App since I don't carry my keys and my mobile phone is always nearby. After a while, you do get used to having to confirm your log in request via 2FA and it becomes second nature and part of the normal sign in process.”

    Danielle Jeanneault, Editor, Undergraduate Calendar and Manager, Communications
    Registrar's Office


    Two-Factor Authentication (2FA) is an extra step in logging on to web pages to make sure it's really you who's trying to access the site and, ultimately, your important information. Beside your typical username and password, 2FA asks you to confirm that you're actually the person accessing the account.

    At Waterloo, the most common way is for you to get a notification either on your phone - through an app or a text message - or on a special device (that the University provides) called a token. After you've entered your username and password, the system will send you a request on your phone or on the token. You can either directly confirm it's you on the app or token, or you can get a code by text that you would input on the web page.

    I've been using 2FA for Quest and other UW systems for more than a year. The setup was really easy and using the software doesn't cause any real problems, as long as you have your phone or the token handy. After a little while, you start to remember to keep these things with you when you're accessing web pages that need them.

    The 2FA system is also smart enough to not require the additional step every time. For your email, you only have to go through the 2FA system once per month. For quest, you only have to do it once per day. The added safety that 2FA offers is really important to the security of our systems. If the CRA had used 2FA, the recent data breach that allowed 6000 accounts to be hacked wouldn't have been possible. The 2FA system reflects best practices in security and I applaud the University for taking these steps.” 

    Jeff Casello Associate Vice-President, Graduate Studies and Postdoctoral Affairs