What is Multi-Factor Authentication?

A description of Multi-Factor Authentication (MFA) and how it is used at the University.

MFA is an approach to online security that requires you to provide more than one form of verification detail to access an account, log in or complete a transaction online.

Also known as ‘Two-step verification’, MFA adds an extra layer of protection to things you do online. It is used regularly for online transactions like banking, shopping and using payment websites like PayPal.

Signing into online services has been traditionally been done with just one type of verification factor, for example a username and password. Only using one type of verification is not very secure because usernames and passwords can be easy for cyber criminals to discover, meaning your accounts can be fraudulently accessed and your data compromised.

MFA is a more secure approach because it requires you to verify in more than one way, as an added check to ensure you are who you say you are.

Different types of verification factor include:  

  • Something you know – like a username and password  
  • Something you have – like a mobile phone or tablet on which you can receive and respond to verification requests  

For MFA to work as it is supposed to, it should involve at least two different kinds of factors to reduce the chance of fraud. Cyber criminals may be able to discover your password but they can’t easily steal your phone as well.

Why is Multi-Factor Authentication (MFA) important to you?

Using MFA significantly increases the security of accounts, and therefore helps keep your personal data, and the University’s data secure.

If MFA is used, it makes it much harder for hackers to damage University networks – they may be able to obtain account details by sending scam emails, but they would also need to be in possession of the authentication device in order to access the phished account.  

Personal Devices and Multi-Factor Authentication (MFA)

If you're concerned about setting up MFA for work on a personal device you may be using, we've found this helpful video that explains why you shouldn't worry:

What happens after Multi-Factor Authentication (MFA)Activation?

You will be asked to sign in using MFA when you access University services at least every 30 days. How often you are prompted to sign in depends on various factors, including using private web browsing, using multiple browsers and multiple devices.

Please ensure you have the phone or device you use to authenticate available to you whenever you may wish to log into University services. 

People and Money (P&M)  Multi-Factor Authentication (MFA) User Journeys

As a part of the rollout of MFA to the University, there was a requirement for everyone who used Microsoft 365 products to register method(s) of authentication to allow them to continue to use the products. MFA is now being rolled out to the People and Money service, meaning that anyone who uses that system will now need to do 2 factor authentication when they log into it.  Below you will see two different user journeys: 

This is to show how the addition of MFA to People and Money will affect the user experience when someone has already registered.  

This is to show the user journey for a user who has not yet registered for MFA and how they will be guided through registration before they can access the People and Money system.  

Set up a second Multi-Factor Authentication (MFA) method

You may temporarily lose access to your Microsoft 365 services and P&M if you:

  • Forget the phone or device you use for MFA
  • Lose or break the phone or device you use
  • Get a new phone or device and fail to set up MFA on a new device correctly
  • Travel away from the UK and have SMS or phone call authentication set up as your main authentication method. 

To reduce the risk of this happening, we recommend that you add a second authentication method, preferably one you can access using a different device. 

Ready to register?

Need help?

Get MFA Support 

This article was published on