Enhanced CWL Frequently Asked Questions

UBC Faculty, students and staff are being asked to update their Campus-Wide login (CWL) account to an “Enhanced CWL” account. This major change to our access to UBC information systems by means of CWL requires features multi-factor authentication, which provides an additional layer of protection. This is a standard across North-America intended to provide an effective way to prevent unauthorized access to information.

Two-factor or multi-factor authentication requires two devices – e.g., your laptop and your cellphone -- to identify a user. This way, even if someone steals your password, the cybercriminal would not be able to hijack your account when it is protected by multi-factor authentication.

UBC’s Chief Information Security Officer has determined that multi-factor authentication will effectively protect our student, staff and financial information, as cybercriminals are consistently targeting this data. This is also a legal requirement.

All UBC information services and applications that require a CWL will require two-factor authentication. This includes Virtual Private Network (VPN), Outlook Web Access (mail.ubc.ca), and systems like ServiceNow, Canvas, Faculty Service Centre, etc.

Yes, you will have to use the multiple-factor authentication regardless whether you access the systems on campus using ubcsecure network or off-campus.

In some cases, you will have a choice to check the box “Remember me for 7 days” so you will not be asked to use Enhanced CWL repeatedly. But this option depends on the security profile of the UBC information system. Some systems, e.g. Canvas will allow you to login and stay logged in for multiple days, but Scientia, for example, will time out if it is inactive for half an hour, and require you again to log in with two-factor authentication.

You can use a USB-based device (token) that will automatically enter the passcode when prompted, or a non-USB device (if you work on a tablet or a laptop that doesn’t have a USB port) that will generate a unique code. If you are using a non-USB device, you will manually enter the code when prompted.

To accomplish two-factor authentication required by Enhanced CWL you can elect to use a secondary device such as your cellphone, a USB key or a non-USB token. Within the unit where you are employed, you will have an opportunity to request a USB-based device or non-USB token. First, see below for information on the various options – how they work, advantages/disadvantages, system requirements, what port they require and so on.

Enhanced CWL Secondary Device Options

Register one of multiple devices at mfadevices.id.ubc.ca