Guide for using Tokens for Enhanced CWL

As part of our ongoing effort to enhance cybersecurity, UBC introduced Enhanced CWL (eCWL: multifactor authentication) to all faculty and staff, effective May 31, 2019 for the Okanagan campus.

UBC applications that require a CWL for access, in addition to a username and password, may now also ask to verify user identity using a secondary method to validate logins (based on the risk context of the specific authentication request). For more information about the project, please visit the eCWL page at  

Note for student employees: To improve the user experience, and for auditing and security purposes, UBC requests users have only one CWL account. Therefore if a student is hired as an employee they will be required to use eCWL to login to all UBC applications which require CWL (including those not related to their employment) until they are no longer classified as an employee.

This guide provides more information about hardware tokens for eCWL which some employees may require to properly fulfill their employment appointment.

When may a hardware token be necessary?

When may a token be preferable over the downloadable app?

What types of tokens are available?

There are two types of tokens available for purchase, OTP tokens and USB Tokens.

Where can you get a hardware token?

How to associate a Token with eCWL

How to use a Token for eCWL

IMPORTANT: If your department loans you a token it should be removed from your list of associated eCWL devices and returned to the department at the end of your appointment.

How to REMOVE a Token from eCWL

For more information or assistance, please contact the ITServices Helpdesk - 250.807.9000 or 855.807.9001.

Article ID: 983
Created On: Thu, Jun 13, 2019 at 3:35 PM
Last Updated On: Fri, Jun 14, 2019 at 10:44 AM
Authored by: Erin Trifunov

Online URL: