As of Monday July 31, 2023 all business users signing into MyCFP Portal, Individual Web Services (IWS) or Business Web Services (BWS) are now required to go through multi-factor authentication.
Please direct questions or issues with BWS to [email protected]. We are working closely with industry-policy invested politicians and Shared Services Canada to get a more workable and reliable system.
Should businesses experience specific issues with GCKey, we recommend they consult the GCKey help page for assistance and troubleshooting.
There are a couple of items we can highlight that might assist:
- Each user must create a GCKey account using an email address unique to them. If they’ve used other GOC online services, they may already have GCKey credentials; and
- If setting up a GCKey account for the first time, they will be required to create their own user name and password, and then select their preferred multi-factor authentication method.
For further technical assistance, we would advise businesses to consult the GCKey support page or contact SSC directly
Registering for multi-factor authentication:
BWS users have the option to use an authenticator app on either their phone or
desktop, or use email address.
To register for multi-factor authentication using email, they will need to
provide and confirm an email address.
If they agree to the multifactor authentication privacy and consent statement, they will be sent a onetime passcode to the email address they provided to CFP each time they sign in to
the portal.
Clients can register using an authenticator app, they will need to follow the directions for “Use your smartphone or tablet” or “Use your desktop device”.
Q & A
thank you Alberta Chief Firearms Office
Q: What is multi-factor authentication
A: Multi-factor authentication (MFA) is a mandatory enhanced security measure that was implemented throughout all CFP online sign-in services.
Q: Why is this change being introduced?
A: GCKey MFA will greatly improve the GC’s security as an intruder would have to penetrate an additional security layer in order to gain access to a GCKey user’s account and GC online programs and services.
Q: What is a one-time passcode?
A: A one-time passcode is an automatically generated string of characters or numbers that authenticates a user for a single sign-on. Once enrolled in MFA, users are required to enter a one-time passcode each time they sign in. This code is good for a single sign-in session and will expire if not used within a few minutes. If using the email option, GCKey will be providing their own one-time passcode in the form of 8 characters consisting of letters and/or numbers.