All VPN users must upgrade to the latest tested and approved version of FortiClient and enable multi-factor authentication due to security vulnerabilities with earlier versions of the software. 

Please note that users with desktops on campus do not need to perform any action

What you'll find on this page


Concordia was recently alerted by the Government of Quebec that older versions of FortiClient, Concordia’s Virtual Private Network (VPN) software, have a critical vulnerability that puts users at risk of cyber-attacks.  

In an effort to strengthen the security of your VPN connection, Concordia is also asking all VPN users to enable multi-factor authentication (MFA) in their software.

A two-factor authentication process at sign-in significantly increases your account security. Enabling MFA provides greater protection for your sensitive information such as research data, personal information, and more.

How to ensure your computer is protected

Concordia owned devices

If you are using a Concordia-owned device, please book a security health check as soon as possible. An IT service technician will assist you in upgrading your software and/or enabling MFA. This check will also allow a technician to update and secure your computer while you are on campus, which has been difficult throughout the pandemic. 

You can schedule an appointment in your office or bring your computer to your preferred IT Service Center. Unfortunately, remote assistance will not be possible because of the work required on the VPN. The process will take approximately 30 minutes on average depending on your operating system and the version of FortiClient you are using. 

Personal computers 

If you are using a personal device, you need to uninstall your current version of FortiClient before reinstalling the latest version If you are a faculty or staff member, please ensure you enable MFA during the reinstallation/ configuration process. For detailed instructions, please see below. 

NOTE: For students, please do not enable multi-factor authentication (MFA) on your VPN unless you’ve enabled MFA on your Concordia account, doing so may lead to you being locked out of VPN.  

Desktops on campus 

No action is required.

Upgrading to FortiClient 

If you are using a personal device, you need to uninstall your current version of FortiClient before reinstalling the latest version and enabling MFA. 

Resources and support

If you have any question or concerns, contact the IT Service Desk by email at or call 514-848-2424, ext. 7613 to speak with a Service Desk agent between 8:00 a.m. and 11:00 p.m. on weekdays.


Back to top

© Concordia University