Two-step verification and account security

    What is two-step verification?

    Two-step verification, also known as two-factor authentication (2FA), is an additional layer of end-user account protection beyond a password. Specifically, 2FA verifies your identity by using two methods, or factors, of authentication: something you know (e.g. a password), and something you have (e.g. a mobile device).

    Why is Canada Post introducing two-step verification?

    Two-step verification significantly decreases the risk of account takeovers. It does this by combining your password (something you know) with a second step of verification, like a one-time access-code or push notification sent to your mobile phone or email address (something you have).

    Is two-step verification required?

    Yes, we are introducing two-step verification to help protect your online account.

    When will I be prompted to sign in using two-step verification?

    You will be prompted to sign-in with two-step verification when:

    • you try to recover your username or password
    • you update secured areas of your profile
    • we detect suspicious login behaviour on your account
    How long will it take to receive the one-time access code?

    It should be instantaneous. If for whatever reason you do not receive it, you can either ask for another one-time access code, or use the alternative method presented to you.

    If I skip setting up two-step verification, will I be prompted to add a mobile phone number again?

    We will periodically remind you to add a mobile number to set up two-step verification.

    What does it mean if I receive a one-time access code, but didn’t request it?

    If you receive a one-time access code but did not request one, there is a chance someone may be using your account password — but don’t worry. Whomever is attempting to access your account won’t get the access code that you received. We still recommend immediately changing your affected account password.

    Can I change the phone number used for two-step verification?

    You can change the phone number from the two-step verification settings page, which is accessed from My Profile.

    Can I remove my two-step verification phone number?

    Once a mobile phone number has been added, it cannot be removed. However, you can change this phone number at any time. You will also always have the option to receive your one-time access code via the email address you have in your profile.

    What if lose my mobile phone?

    You can change your phone number if required. You will also always have the option to receive your one-time access code via the email address you have in your profile.

    What if I set up two-step verification, but I’m not receiving the one-time access code?

    You can verify your identity and attempt to resend the access code, or choose to send using a different method such as your email.

    What do I do if I fail two-step verification?

    You can request that we send another one-time access code. If you still cannot pass two-step verification, you will not be able to access your online account. Please call us.

    What if I don’t have a mobile phone?

    Two-step verification works with text messages and email. If you do not have a mobile phone that can receive SMS text messages, then you will have the option to receive the one-time access code via email.

    What if I do not want to provide my mobile phone number for two-step verification?

    You will have the options to either receive a one-time access code via your email, or you can answer a security question from your Profile. Please check your Profile to ensure your email address is up to date.