Protecting CIHR systems and user privacy: Multi-factor authentication (MFA) in ResearchNet

  • What is multi-factor authentication?

    Multi-factor authentication (MFA) is a way of protecting accounts by confirming the identity of a user by checking two different proofs of identity before they are given access. It is commonly used for online banking, social media accounts and other applications.

  • Why is multi-factor authentication important for security?

    If someone else learns your password, MFA adds another layer of security. The intruder would be required to go through an extra verification step that could only be confirmed through your email. This makes it harder for them to access your account, lowering the risk of your password being stolen, identity fraud, or data breaches.

  • How will multi-factor authentication work in ResearchNet?
    • Step 1: Sign in to your ResearchNet account using your email and password

    • Step 2: As you are signing in, you will be asked for a verification code that will be sent to the email address linked to your ResearchNet account.

      Long Description

      Sign in box will appear with the message ‘We have sent you a one-time verification code to email [your email here]. Please enter the code to complete the login process.’ You have the option to enter your code and select Verify code or select Resend code.

    • Step 3: Check your email inbox for a message from NoReply-NePasRepondre@cihr-irsc.gc.ca containing the verification code. If you can’t find it, check your junk folder.

    • Step 4: Enter the verification code and click verify code.

      Note: You will have 10 minutes before your verification code expires. If your code expires, you will be required to return to the home page and sign in again.

    • Step 5: Once you have successfully entered your verification code, you will be brought to the ResearchNet home page. You have now successfully signed in.

  • Can I receive my one-time verification code by text message?

    No, there is no option to send the code to a user’s phone. All users receive their one-time verification code to the email address registered to their ResearchNet account.

    It is suggested that users ensure the email linked to their ResearchNet account is easily accessible (i.e., accessible by phone), as this could make retrieving the authentication code easier and less time-consuming, should they get logged out.

  • How do I change the email address connected to my ResearchNet account?
    • Step 1: Sign in to ResearchNet using the email address that is currently linked to your ResearchNet account, and your password.

    • Step 2: Go through MFA to complete the sign in process.

    • Step 3: Once you have successfully signed in, click on your name at the top right of the screen.

    • Step 4: Select ResearchNet Account Settings from the drop-down menu.

    • Step 5: Modify the email address in the Email address (required) field to the email address that you would like all correspondence to be sent to.

      Long Description

      From the ResearchNet Home Page, you will navigate to ResearchNet Account Settings in the drop-down menu, which brings you to a new page. Scroll to the e-mail address (required) field, which contains the email address connected to your ResearchNet account.

    • Step 6: If you change your email address, you will be required to enter your password, confirm your password, and click submit at the bottom of the page. Note: you do not need to change your password.

    • Step 7: Once you have clicked submit, you will be prompted to save your changes

    • Step 8: After saving your changes, you will receive a notification letting you know that your profile has been updated successfully. Any future correspondence will be sent to the updated email address.

  • Can I disable multi-factor authentication?

    MFA cannot be disabled. MFA applies for all users signing in to ResearchNet, , and cannot be skipped.

    If you require support on your application tasks, you can use the Manage Access task in ResearchNet to delegate access to your application easily and securely to a set number of individuals.

  • Do I have to go through multi-factor authentication every time I sign in to ResearchNet?

    Yes, users are required to go through MFA every time they sign in to ResearchNet. Should a ResearchNet session time out after 60 minutes of inactivity, users need to re-authenticate themselves using MFA. It is important to save your work often to prevent the loss of any changes.

    By refreshing your session every 50-55 minutes, or by performing a simple action, such as clicking through the system or saving a score using the e-scoring tool, you can reset the session timer and prevent being logged out.

  • What can I do if I have not received a verification code?

    If you have not received your verification code, here are some troubleshooting steps you can take:

    • Check to see if the email is hiding in your spam or junk folder
    • Make sure the NoReply-NePasRepondre@cihr-irsc.gc.ca email address providing the code is marked as safe email content by your Information Technology Department
    • Try to resend the code in case there are network issues.

    If you have tried these steps and still have not received your verification code, contact the Contact Centre at 1-888-603-4178 or support-soutien@cihr-irsc.gc.ca for assistance.

Date modified: