VPN access will require Two-Factor Authentication (2FA)


Published: 13May2020

Update: May 13, 2020

Two-Factor Authentication (2FA) was successfully implemented on the Virtual Private Network (VPN) as planned on May 5, 2020. Of those who were using the VPN prior to May 5th, 84% of staff and 47% of students and/or affiliates have enabled 2FA and now connect with greater security.

This implementation is timely. Cyber criminals have shifted their focus to exploit the global Covid-19 pandemic by targeting remote workers. Reports on coronavirus-themed attacks include a rise in phishing emails and malware spam campaigns, particularly in regions with escalating cases of Covid-19. As we adopt more thorough hygiene practices to stop the spread of the virus, so must we improve our cyber hygiene. 2FA is a crucial step to increase login security and protect our internal resources, now more than ever.

Thank you for your patience and cooperation as we work to improve our collective cybersecurity.

Update: April 3, 2020

The mandatory implementation of Two-Factor Authentication (2FA) for Virtual Private Network (VPN) access has been postponed until May 5th, 2020.  Although the University strongly believes in the importance of improving our cybersecurity practices, especially with the increase in remote connectivity, it also recognizes the emotional impact that remote work transitions may have had on our community.  Therefore, this final extension has been granted.

VPN users are strongly encouraged to configure their 2FA account well in advance of the new deadline so that they can get IT Service Desk support if necessary.  Call wait times may be longer than usual; we greatly appreciate your patience at this time. 

Update: March 19, 2020

In light of the COVID-19 virus pandemic, and the increased use of McGill’s Virtual Private Network (VPN) as many of us are working remotely, IT Services would like to share the following update.

As previously announced, beginning on April 7, 2020, connecting to the VPN will require Two-Factor Authentication (2FA). The timeliness of this implementation date was discussed at the Emergency Operation Center (EOC) and the strategy remains to move forward with the deployment.  It has become increasingly important to protect our infrastructure from cyber threats.  Strengthening our login security with 2FA is strongly recommended, now more than ever. 

The IT Service Desk will be available to support you if you encounter any issues with the 2FA setup instructions.  We will be closely monitoring the implementation and will provide feedback to the EOC to assess if this strategy needs to be readjusted.

Instructors should be aware that 2FA will only be mandatory on the VPN.  Other resources such as Office 365, Outlook, MyCourses and Zoom will not be affected for the time being.

Note: Users should not use their office phone as a second method for authentication, as it is not remotely accessible.

Original message: March 12, 2020

Beginning on April 7 2020, connecting to McGill's Virtual Private Network (VPN) will require Two-Factor Authentication (2FA) as part of McGill's ongoing IT security initiatives.

The VPN provides secure communications over the Internet ensuring that only members of the McGill community have remote access to our internal network.  2FA will affect how you connect to the VPN.

What action is required to ensure your VPN access?

  • If you have already opted in to 2FA:
    You are already authenticating with 2FA on the VPN and you have no further action to take.
  • If you have not opted in to 2FA:
    You must opt in and complete the setup of your 2FA account prior to April 7, 2020 if you want to connect to the VPN.  It is recommended that you complete the setup during regular business hours in case you require assistance from the IT Service Desk.
  • After April 7, 2020, you will receive an error message (see example, top left) and will be unable to connect to the VPN until you opt in to 2FA.

For more detailed information about 2FA, and how it will affect your VPN access, see the 2FA FAQs

If you have any questions regarding this change, please contact the IT Service Desk

Back to top