Setting up Multi-Factor Authentication (MFA)

Multi-factor authentication protects accounts by requiring users to give an additional level of protection beyond just a username and password. It is the most effective way of stopping unauthorised access to your data. MFA works by requiring two or more of the following authentication methods before access is granted:

• Something you know, typically a password
• Something you have, such as a trusted device like a mobile phone
• Something you are – biometrics like a fingerprint or face scan.

Initially, MFA will cover your access to DMU email and other Microsoft 365 services such as Teams and OneDrive. The protection is already in place for the YourDMULabs remote access service for students. The protection will be added to additional services shortly.

Please do not wait until you need to use a system to set up your authentication device, as this may delay access to systems when you most need them.

The easiest method to use is the Microsoft Authenticator app, which is available for Apple iOS and Android phones and tablets. We strongly recommend this as your primary MFA method for the best user experience.

Alternatively, you can use another app such as Google Authenticator and these will generate a random six-digit code for you to enter. While the experience is not so straightforward, it is a useful option if you already use this a specific app for MFA.

You can do it yourself right now by simply visiting aka.ms/mfasetup and following our step-by-step instructions. It is easier to carry out the initial set up of MFA using a computer, so you can scan the QR code from its screen with your mobile.

• When you log into a protected system you will receive a request to authenticate. You need to have your phone with you to access your authenticator app.
• How often you need authenticate will vary and depends on factors such as switching between browsers and devices. When logging on you will see a tick button so that it shouldn’t ask you to authenticate again for 30 days.
• If you are using the Microsoft Authenticator app you will also be asked to enter a two-digit code into your app that is displayed on the screen. This is called number matching and is a quick and easy but very effective additional security measure.

Yes, we recommend protecting your personal online accounts. MFA can block more than 99.9 percent of account-compromise attacks, so we urge you to use it on all your critical accounts.

Here are quick links for how to turn on MFA for popular service providers:

• Gmail
• Yahoo
• Amazon
• Instagram
• Facebook
• Twitter/X
• LinkedIn

If you have a new phone (or another device) or want to change the device you use to authenticate, you will need to update your authentication method to avoid losing access to university services.

Please follow the steps below:

• Keep your old phone switched on and logged on to Wi-Fi, in case you are prompted to authenticate before you have set up MFA on the new phone.
• Set up your new phone as you would usually and download the Authenticator app from the Apple App Store or Google Play.
• On your computer, log on to the Microsoft My Sign-Ins page.
• Click ‘Add method' and follow the instructions to add your new phone. You will need to scan a QR code using your new phone.
• Once you have set up your new phone to authenticate, please delete the existing authentication methods linked to the old phone from the list on the Microsoft My Sign-Ins page on your computer.

No, once you set up for your university account, this will last for as long as your account remains active.

Downloading and using the Microsoft Authenticator app is free, so no charges should be incurred. If you have SMS or voice-call as a backup method, then the university will not charge for these, but you may be subject to usage charges as part of your mobile contract.

If you have lost or had your mobile device stolen, you can access by either:

• Signing in using a different method
• If you are on campus, visit aka.ms/mfasetup and change your default authentication method
• Ask ITMS to reset your MFA settings.

After your settings are cleared by ITMS, you'll be prompted to set up your authentication methods again.

By using this additional authentication, you are helping to keep both your personal and university data secure.

Using the Microsoft Authenticator app on your phone does not allow the university to manage or control your phone, it is just used as a signalling method to confirm who you are and allow you access to university resources. By using the app, you are not providing any personal information. You can find out more about the Microsoft Authenticator app and privacy on the Microsoft website.

Do not verify any access prompt you receive that was not generated by you.

If this happens repeatedly, please report it to ITMS.

If you travel or are based internationally and need to access university services, please use the Microsoft Authenticator app as your default sign-in method. Log into the Microsoft My Sign-Ins page and make sure the 'Default sign-in method' is the authenticator app.

The app will work regardless of location, phone signal, or Wi-Fi availability. You can obtain a one-time code in the app if you do not have data while travelling. Simply open the app and click 'De Montfort University' to see the one-time code if needed.

• Remember: You must have your authentication device with you to log in
• It may take up a few minutes for accounts to synchronise once you set up your MFA
• If possible, use the Microsoft Authenticator app with notifications enabled as your default method
• Do not uninstall and then reinstall the app once you have it, as this will prevent you from logging in to your account
• If you have no signal or changed SIM card, open the app and use the one-time passcode (OTP) to authenticate
• Register more than one authentication device and method in case you do not have access to your primary method.

For any questions or problems about the process that aren’t covered by this FAQ, please contact student.mfa@dmu.ac.uk.