Multi-Factor Authentication

Multi-factor authentication is a way of confirming your identity through two separate sources of information: your username/password, and a separate device (mobile phone or tablet). It is one of the best ways of improving your online security.
MFA is required for new employees and Honorary/Affiliate staff 

For all other staff and students, this is a two-step process.

Step 1: Opt-in

Step 2: Set-up

Only set up multi-factor authentication after it has been enabled on your account.
You will receive an email informing you when this will happen.

Please allow 10-20 minutes to complete the set-up.

We recommend using the Microsoft Authenticator app on your mobile device.

About multi-factor authentication

Multi-factor authentication is a method of confirming users' claimed identities by, in our case, using a combination of two different factors:

  1. something you know (username and password)
  2. something you have (a device - mobile phone or tablet)

The Microsoft Authenticator app enables authentication, usually with approve/deny selection or by showing a randomly-generated and constantly refreshing code. The sign-in frequency is 30 days but this does not necessarily mean you will be only be prompted every 30 days. Factors such as the use of multiple devices and various web browser sessions could mean that you are prompted more often.

Why do I need to use multi-factor authentication?

Cyber attackers obtain passwords by phishing or guessing. The second layer of security protects your account so that even if someone else obtains your password, they are unlikely to also have your second step, e.g. your phone. This is considered best practice by IT security and industry professionals and has been approved by the University.

Using multi-factor authentication

Once you have set up multi-factor authentication you will be asked to approve/deny access or input a code periodically, whenever you log in to a multi-factor authentication supported service on a new device/browser or when you have logged out. Initially, this will be for Office 365.