Skip to main content

Multi-factor authentication for students

With cybersecurity threats becoming increasingly sophisticated, Concordia is joining institutions around the world in adopting multi-factor authentication (MFA) to help keep the digital assets, information and user identities of our community safe.

What is multi-factor authentication (MFA)?

In a nutshell, MFA means using something besides a single username and password to access your account. Once enabled, whenever you sign into your Concordia account you will be prompted to provide a second factor after providing your username and password.

Your second factor is a code generated by the Microsoft Authenticator app. The Microsoft Authenticator app provides push notifications to your mobile device at sign in and can be downloaded to your mobile device for free from Google Play or Apple Store. For detailed instructions on setting up MFA, please see instructions below.

Should you wish to use an alternative MFA method to sign into your accounts, you can choose to have SMS messages sent to your mobile phone or receive an automated voice phone call provide you with a second factor to access your accounts. For detailed instructions please see below. 

Key Benefits

Key benefits of MFA include greater cybersecurity and a reduced risk of having your accounts accessed by someone other than yourself. MFA will protect logins for the following applications:

  • Microsoft 365 applications (Productivity Suites). This includes, but is not limited to, MS Teams, MS Outlook, SharePoint and OneDrive.   
  • Student Information System (SIS)
  • Moodle
  • Virtual Private Network (VPN)
  • eConcordia (mandatory as of August 21st, 2023)

Setting up MFA 

Your MFA is automatically activated, to setup an authentication method please visit the MFA setup page.


Typically, web applications are protected with a username and password only (single-factor). This leaves sensitive data and applications vulnerable to a variety of common attacks. As Concordia adopts more online cloud applications, addressing these threats becomes critical. Unlike older desktop applications, cloud applications are accessible to anyone online. MFA is designed to protect you against attacks that rely on stealing your single-factor credentials. With MFA, someone knowing your password isn't enough to grant them access your account.

As we’ve shifted towards using more online applications out of necessity, there has been a major increase in both the volume and complexity of cyber-attacks against Concordia accounts. The need to strengthen our systems and credentials is critically important to combat the increasingly regular campaigns designed to obtain the passwords of Concordia community members.

Passwords can be obtained by cyber criminals via a variety of methods. Even if you choose a secure password and practice good cyber hygiene, your password can still be obtained by other means outside of your control.

No, you should still follow Concordia’s password guidelines and use a password that is at least 12 characters in length, contains a mix of uppercase and lowercase characters, contains at least one integer and one special character. Additionally, do not re-use your password for other accounts and services.

You will be prompted to confirm your identify via your second factor every time you log into a Microsoft 365 service (Outlook, Teams, OneDrive) through a web browser.

When using applications that access your Microsoft 365 account, such as desktop or mobile installs of Outlook, Teams or OneDrive, you will receive an MFA authentication request. This will only happen the first time the application attempts to perform a sync with MFA. Once your devices and applications are synced you will not be prompted again for two months.

MFA will protect logins for the following accounts:

  • Microsoft 365 applications (Productivity Suites). This includes, but is not limited to, MS Teams, MS Outlook, SharePoint and OneDrive.  
  • eConcordia
  • VPN

What should I do if:

Please contact the Service Desk by email at or by phone at 514-848-2424, ext. 7613.

First setup MFA on your new phone/tablet before relinquishing possession of your old phone/tablet. MFA can be set up on multiple devices at the same time.

Once your new device is configured, erase the contents of your old device if it is being discarded.

If this is not possible, please contact the Service Desk by email at or by phone at 514-848-2424, ext. 7613.

Don’t worry, your account is safe. A phone/tablet alone is not enough to log into your account. Please contact the Service Desk by email at or by phone at 514-848-2424, ext. 7613.

If you were the victim of theft while on campus, please report the incident to Campus Security & Emergency Services at 514-848-3717. They are available 24/7.

If you do not have a cellphone, please contact our Service Desk for assistance with setting up MFA through alternative methods. You can reach us at or dial 514-848-2424, ext. 7613.

Need help? We are here to support you

For any questions related to multi-factor authentication, request support or call the Service Desk at extension 7613.

Back to top

© Concordia University