Two-Factor Authentication at the University

Information and help about Two-Factor authentication systems.

What is Two-Factor Authentication?

Two-Factor Authentication (2FA) is an additional layer of security used by the University of Auckland. It is a more secure way of verifying that you are who you say you are.

Why do I need Two-Factor Authentication?

2FA helps protect against unauthorised access to sensitive University applications and research. 2FA requires you to use a unique code in addition to your username and password.

It can also be used to protect you own online accounts such as Google Drive, OneDrive, Dropbox, LinkedIn, Facebook etc.

Who needs Two-Factor Authentication?

2FA is currently mandatory for all staff and doctoral students, and optional for everyone else. This mandatory requirement will progressively expand to include all users of the University systems.

What do I need to do?

To be able to access your online applications you will need to set up a token. You can do this by:

  1. Going to Create New Software Token
  2. Select which device (Apple iPhone, Android) you wish to set up your token on
  3. Follow the instructions 

If you already have a 2FA token set up and wish to use it on additional devices you can do that by Managing your existing token.

Will I need to use Two-Factor Authentication every time I access my online University account?

You will need to use 2FA for each device and each browser you use. Once you have used 2FA on a particular device and browser, you won’t need to use it again on that device or browser until you need to change your University password.

Some browser-based applications might require you to use the token every day.

Other Information

What if I already have a token set up for Two-Factor Authentication?
If you already have a token and you are using it to access online University applications such as Canvas or the Staff Intranet, there is nothing in addition you need to do.
What if I don't have a work mobile phone? All devices can be used to access the online University Applications. Installing an authenticator on your personal device is a highly recommended security feature to protect all you online accounts. Using an app such as Authy or Google Authenticator does not use up any of your data and can also be used to protect your personal online presence such as for OneDrive, LinkedIn, Twitter or Facebook. 
What if I don't have a smartphone? You can use a browser-based authenticator ( on your computer, or in certain circumstances, you can have a physical token device known as a Yubikey.
Can I set up the token on more than one device? Yes. You can set the token up on multiple mobile devices.