“Two-Factor Authentication (2FA) is an extra step in logging on to web pages to make sure it's really you who's trying to access the site and, ultimately, your important information. Beside your typical username and password, 2FA asks you to confirm that you're actually the person accessing the account.

At Waterloo, the most common way is for you to get a notification either on your phone - through an app or a text message - or on a special device (that the University provides) called a token. After you've entered your username and password, the system will send you a request on your phone or on the token. You can either directly confirm it's you on the app or token, or you can get a code by text that you would input on the web page.

I've been using 2FA for Quest and other UW systems for more than a year. The setup was really easy and using the software doesn't cause any real problems, as long as you have your phone or the token handy. After a little while, you start to remember to keep these things with you when you're accessing web pages that need them.

The 2FA system is also smart enough to not require the additional step every time. For your email, you only have to go through the 2FA system once per month. For quest, you only have to do it once per day. The added safety that 2FA offers is really important to the security of our systems. If the CRA had used 2FA, the recent data breach that allowed 6000 accounts to be hacked wouldn't have been possible. The 2FA system reflects best practices in security and I applaud the University for taking these steps.”

- Jeff Casello Associate Vice-President, Graduate Studies and Postdoctoral Affairs