Protecting CIHR systems and user privacy: Multi-factor authentication (MFA) in ResearchNet

  • What is multi-factor authentication?

    Multi-factor authentication (MFA) is a way of protecting accounts by confirming the identity of a user by checking two different proofs of identity before they are given access. It is commonly used for online banking, social media accounts and other applications.

  • Why is multi-factor authentication important for security?

    MFA is like a back-up plan for your password. If someone else learns your password, MFA adds another layer of security. The intruder would be required to go through an extra verification step that could only be confirmed through your email. This makes it harder for them to access your account, lowering the risk of your password being stolen, identity fraud, or data breaches.

  • How will multi-factor authentication work in ResearchNet?

    • Step 1: Sign in to your ResearchNet account using your email and password

    • Step 2: As you are signing in, you will be asked for a verification code that will be sent to the email address linked to your ResearchNet account.

      Long Description

      Sign in box will appear with the message ‘We have sent you a one-time verification code to email [your email here]. Please enter the code to complete the login process.’ You have the option to enter your code and select ‘Verify code’ or to select ‘Resend code’.

    • Step 3: Check your email inbox for a message from NoReply-NePasRepondre@cihr-irsc.gc.ca containing the verification code. If you can’t find it, check your junk folder.

    • Step 4: You will have 10 minutes before your verification code expires.

      Enter the verification code and click ‘verify code.’

      Note: If your code expires, you will be required to return to the home page and sign in again.

    • Step 5: You have now successfully signed in to ResearchNet.

  • Can I receive my one-time verification code by text message?

    No, there is no option to send the code to a user’s phone. All users will receive their one-time verification code to the email address registered to their ResearchNet account.

    To prepare for this upcoming change, it is important that everyone with a ResearchNet account double checks that they have access to the email address connected to their account profile before September 18, 2024.This will ensure users have uninterrupted access to ResearchNet and can log in without seeking assistance from the Contact Centre. To change the email address connected to your ResearchNet account, please refer to the steps outlined in question number 5.

  • How do I change the email address connected to my ResearchNet account?

    • Step 1: Sign in to ResearchNet using your email and password

    • Step 2: Click on your name at the top right of the screen

    • Step 3: Select ‘ResearchNet Account Settings’ from the drop-down menu

    • Step 4: Modify the email address in the ‘Email address (required)’ field.

      Long Description

      On the ResearchNet Account Settings page, scroll to the ‘e-mail address (required)’ field, which will contain the email address connected to your ResearchNet account.

    • Step 5: If you change your email address, you will be required to enter your password, confirm your password, and click submit at the bottom of the page. Note: you do not need to change your password

    • Step 6: Once you have clicked submit, you will be prompted to save your changes

    • Step 7: After saving your changes, you will receive a notification letting you know that your profile has been updated successfully

  • Can I disable multi-factor authentication?

    MFA cannot be disabled. MFA will apply for all users signing in to ResearchNet, including staff, and cannot be skipped.

    If you require support on your application submissions, keep in mind that you can use the Manage Access task in ResearchNet to delegate access to your application easily and securely to a set number of individuals.

  • Do I have to go through multi-factor authentication every time I sign in to ResearchNet?

    Yes, users will be required to go through MFA every time they sign in to ResearchNet. Should a ResearchNet session be timed out after 60 minutes of inactivity, users will need to re-authenticate themselves using MFA. It is important to save your work often to prevent the loss of any changes.

Date modified: