Multi-factor authentication

We are implementing MFA for additional security to protect the personal and financial information in your Online Services account.

If your phone does not have SMS capability, you can choose to receive your unique security code via a voice call. Once MFA is enabled, you will have the option to verify your identity by email or phone.

You can choose to receive your unique security code via email, SMS message or voice call. These options meet Canadian accessibility standards.

Once MFA is enabled, you can choose how you’d like to receive your unique security code (email, SMS message or voice call) each time you are asked to verify your identity.

Texts and voice calls:

The message you receive will be in the same language as the Online Services platform you used to request the code.

E-mail:

The message accompanying the unique security code will be presented in both French and English, with French appearing first to accommodate language laws in Quebec. In a later update, the email will appear in the same language as the Online Services platform you used to request the code.

No. Single sign-on will still apply when you are transferred from the mobile app to web pages, even if you have set up MFA.

Note: Single sign-on doesn’t apply if you use biometrics to log in to Online Services. We’re working to address this in a later update.

The email address used for MFA is the email address registered to your Online Services account. When you update the email address in the “Profile” section of your Online Services account, the email address used for MFA will be updated automatically.

At this time, the phone number that you use to register for MFA cannot be changed. This will be added in a future update.

Yes, after the launch on December 2, 2025, app users will need to download the latest version of the mobile app to enable MFA and sign in successfully. You should see a message asking you to update your app if it is out of date.