Multi-factor authentication

Learn more about using multi-factor authorization (MFA) and how it keeps your information safe when using Online Services.

Sign in Sign in

What is MFA?

Multi-factor authentication (MFA) is a method of verifying your identity to prevent unauthorized access to your Online Services account.

Why should I use MFA?

Your Online Services account holds personal details like your address, phone number, and financial details.

A password usually keeps your account safe - but as cyber crime rates continue to rise, your account could use more protection to keep your sensitive data private.

MFA makes sure only you can access your account by verifying your email or phone number, keeping your information in your hands.

How do I set up MFA for Online Services?

The next time you sign in to your Online Services account, you’ll be prompted to verify your email.

Once you enter the security code we send you, you can enter a phone number to receive voice or SMS security numbers instead.

We are implementing MFA for additional security to protect the personal and financial information in your Online Services account.

If your phone does not have SMS capability, you can choose to receive your unique security code via a voice call. Once MFA is enabled, you will have the option to verify your identity by email or phone.

You can choose to receive your unique security code via email, SMS message or voice call. These options meet Canadian accessibility standards.

Once MFA is enabled, you can choose how you’d like to receive your unique security code (email, SMS message or voice call) each time you are asked to verify your identity.

Texts and voice calls:

The message you receive will be in the same language as the Online Services platform you used to request the code.

E-mail:

The message accompanying the unique security code will be presented in both French and English, with French appearing first to accommodate language laws in Quebec. In a later update, the email will appear in the same language as the Online Services platform you used to request the code.

No. Single sign-on will still apply when you are transferred from the mobile app to web pages, even if you have set up MFA.

Note: Single sign-on doesn’t apply if you use biometrics to log in to Online Services. We’re working to address this in a later update.

The email address used for MFA is the email address registered to your Online Services account. When you update the email address in the “Profile” section of your Online Services account, the email address used for MFA will be updated automatically.

At this time, the phone number that you use to register for MFA cannot be changed. This will be added in a future update.

Yes, after the launch on December 2, 2025, app users will need to download the latest version of the mobile app to enable MFA and sign in successfully. You should see a message asking you to update your app if it is out of date.

Our use of cookies: We use cookies and other similar technologies to understand how you use our website and create more customized experiences for you. They improve your browsing experience and support our fraud prevention efforts. For further information on how we use cookies and other similar technologies, and how you can control them, visit our Cookie policy. By visiting this website, you agree to our use of cookies and other similar technologies as described in our Cookie notice.

Got It