2SV: What is 2-Step Verification (2SV)?

Passwords are the main way VIU accounts are protected today. However, passwords alone are no longer enough to secure your important documents and access. Cyber criminals can get into your account if they guess your password correctly. They can also trick you into sharing your password by using a phishing email or finding a stolen password that has leaked on the internet. That's why almost all online services (including social media, banks, shopping, etc.) have added a way for your accounts to be more secure. This includes higher education institutions, which have become prime targets of phishing and ransomware attacks in recent years.

What is 2-Step Verification (2SV)?

2-Step Verification (Also commonly referred to as 2SV, Multi-factor Authentication (MFA) or 2-Factor Authentication) allows you to log in only after successfully presenting two or more pieces of evidence or "steps". These steps are a more secure way of verifying that it's you when you try to log in. For example, a password is one kind of step, it's a thing you know.

The three most common types of steps are: 

  1. Something you know - Such as a password
  2. Something you have - Such as a smart phone or a hardware Token
  3. Something you are (also called biometrics) - Such as a fingerprint or facial recognition (VIU does not currently employ this method.)

VIU Employees, and VIU Associates that have a VIU account, are now required to use 2SV for some services. With 2SV, your account will be protected with both your password AND your phone (via a text, phone call, or app), or a Hardware token, provided by VIU, to be used on your computer. This adds an extra layer of security that prevents unauthorized access to your account and helps to ensure that student and employee data is protected.

What VIU services will require 2SV?

  • VIU email (Outlook and Webmail)
  • Microsoft 365
  • IT Client Portal
  • OneDrive
  • Teams
  • Other services will eventually be added to this list

How does it work?

A 2-Step Verification enrollment has been activated for VIU accounts,.   If you are not using a wired network or  Secure VIU on Campus, you'll be prompted to enter your password AND a verification code when you sign-in to your email account for the first time on a new device. After the initial sign-in, the device will be trusted and will no longer prompt for approval the next time you sign-in.  (If you are on a VIU Campus using our Wired Network or VIU-Secure you will not get these prompts).
IF you have NOT set up your account for 2SV, you will be prompted to do so the first time you log into a secure VIU resource.  Please call the Service Desk if you need assistance with this process.

Who needs to sign up for 2SV?

VIU students, faculty, staff and associates (including retirees, affiliates, honorary research associates and adjunct faculty) that have a VIU account

When will 2SV be required?

2SV is now mandatory for all VIU students and associates, the voluntary period has ended.

How do I enable 2SV for my account?

Click anywhere on the green banner below to open the 2SV set up page:

How do I set up 2SV?

Will I need to set up 2SV for each application?

You do not. One setup will work across all relevant applications/programs. You only need to enroll once.

What if I already have the MS Authenticator App for another business?

You can set up your existing MS App so that it will work for VIU as well as the other business.  Instructions for setting up a second Verified ID are provided in the Instructions:  
How do I set up 2SV -  look at Option 1, Step 5 for the link to the PDF. 

Will 2SV slow down the performance of my applications?

No, there is no impact on system performance.

Do I need to verify every time I sign in?

Not at all! Verification lasts for 30 days, at which point you will be prompted to verify again the next time you sign in. Please note that each 'verification' is independent. This means if you sign in to Outlook one day, but sign in to Teams four days later, they'll each hold their own 30 day timers.

Keep in mind, that if you are on Campus and connected to a Wired Network or Secure VIU (wifi), you will not be prompted for verification.

Do I need to verify for every application I use?

Yes. Each applicable app requires it's own verification, and each verification last for 30 days, on it's own timer.

What if I get a verification I did not request?

  • Check your logged in devices (Computers, mobile devices, etc.) for prompts.
    • Remember that each app on each device requires re-authentication every 30 days
    • Apps like email or teams on a mobile device will likely try to authenticate repeatedly
    • Make note of the location that the request is coming from. While not precise, the notification should provide the general area that the request is coming from.
  • If it is not your device(s), Deny the request and Change Your Password immediately
    • You'll only receive a verification request from a program that already has your password. If it doesn't come from your devices, it came from someone else that's already compromised your password. 
    • Note: A common tactic in these situations is to repeatedly send verification requests until you say yes, just to make the notifications stop. This has been observed in security breaches at Uber and other high profile companies.

What is the recommended method of 2SV?

The Microsoft Authenticator mobile app is the recommended method for most users, as it is the most secure. It provides both online and offline code options to log in, which is useful if you are at an offline location (such as out of country). The Microsoft Authenticator app takes up very little space on your phone, and you can use the app without an Internet connection or cellular data.

NOTE: The Microsoft Authenticator App for Android Phones requires an  OS of 8.0 or higher. Apple phones require iOS 14 and up.
If your phone is not able to update to a current OS, you can still use it with Option 2 - receive a text or phone call.

Can I 'Opt out' of 2SV?

Once you are signed up for 2SV, there is no option to opt out. 2SV will be required to access some applications moving forward, so users of these applications will need to be enrolled. 

How much data does the Microsoft Authenticator app use?

If you have set up Microsoft Authenticator to notify you to authenticate, it only uses a minimal amount of data -- less than 2KB per authentication. If your device is connected to Wi-Fi, no mobile data will be used. If you use the code generated by the Microsoft Authenticator App, no data will be used.

Can I use a different authenticator app?

While the MS authenticator app is the default, you can use any compatible authenticator app. Please note that there will be limited or no support from the IT Service desk for non-MS apps.

I have more questions. Where can I get assistance?

A few different places!

  • You can find non-IT peer support via Teams. 
  • For issues in signing up or verifying your applications, you can reach out to the IT Service Desk at ithelp@viu.ca
  • You can call the IT Service Desk at 250-740-6300/1-833-902-6301 (Toll Free), Monday to Friday, 8:00 AM - 4:30 PM.