Setting up Multi-Factor Authentication (MFA)
De Montfort University is committed to protecting the online safety of our staff and students. We use MFA as an extra layer of security to prevent unauthorised access to accounts.
A multi-factor authentication app on your smartphone can prevent unauthorised access to your DMU account as well as other important personal accounts such as Gmail, Facebook, Twitter, and so on. Multi-factor authentication is shortened to MFA and may also be called two-step verification or 2-factor authentication (2FA).
Setting up and using MFA is very simple but this extra layer of security makes it incredibly difficult for attackers to access your accounts and data. According to Microsoft, MFA can block at least 99.9 percent of account-compromise attacks.
You will need to use MFA to access your DMU email, OneDrive, Teams and online Microsoft Office applications from any off-campus location. See our step-by-step set-up guide.
You won't currently need to use MFA to access these services from DMU computers or personal devices when you are on the Leicester campus and connected to our Eduroam Wi-Fi network. MFA is already needed to access the YourDMULabs remote access solution.
Once MFA is activated on the account that you want to protect, and you’ve linked your chosen MFA app with it, you’ll be prompted to approve it using your phone’s app if you sign in from a new device or browser (usually by pressing to confirm or by entering a simple code)
It means that even if someone guesses or gets hold of your account password, they won’t be able to access your account from their devices because the MFA app on your phone will stop them.
We strongly recommend using the Microsoft Authenticator for the best experience (other apps such as Google Authenticator are also suitable if you prefer). See our FAQ below for more information.
What is MFA?
Multi-factor authentication protects accounts by requiring users to give an additional level of protection beyond just a username and password. It is the most effective way of stopping unauthorised access to your data. MFA works by requiring two or more of the following authentication methods before access is granted:
- Something you know, typically a password
- Something you have, such as a trusted device like a mobile phone
- Something you are – biometrics like a fingerprint or face scan.
What services are being protected by MFA?
Initially, MFA will cover your access to DMU email and other Microsoft 365 services such as Teams and OneDrive. The protection is already in place for the YourDMULabs remote access service for students. The protection will be added to additional services shortly.
Please do not wait until you need to use a system to set up your authentication device, as this may delay access to systems when you most need them.
What's the easiest way to use MFA?
The easiest method to use is the Microsoft Authenticator app, which is available for Apple iOS and Android phones and tablets. We strongly recommend this as your primary MFA method for the best user experience.
Alternatively, you can use another app such as Google Authenticator and these will generate a random six-digit code for you to enter. While the experience is not so straightforward, it is a useful option if you already use this a specific app for MFA.
How do I set up MFA?
You can do it yourself right now by simply visiting aka.ms/mfasetup and following our step-by-step instructions. It is easier to carry out the initial set up of MFA using a computer, so you can scan the QR code from its screen with your mobile.
How do I use MFA?
- When you log into a protected system you will receive a request to authenticate. You need to have your phone with you to access your authenticator app.
- How often you need authenticate will vary and depends on factors such as switching between browsers and devices. When logging on you will see a tick button so that it shouldn’t ask you to authenticate again for 30 days.
- If you are using the Microsoft Authenticator app you will also be asked to enter a two-digit code into your app that is displayed on the screen. This is called number matching and is a quick and easy but very effective additional security measure.
Can I use the authenticator app for personal accounts?
Yes, we recommend protecting your personal online accounts. MFA can block more than 99.9 percent of account-compromise attacks, so we urge you to use it on all your critical accounts.
Here are quick links for how to turn on MFA for popular service providers:
What if I get a new phone?
If you have a new phone (or another device) or want to change the device you use to authenticate, you will need to update your authentication method to avoid losing access to university services.
Please follow the steps below:
- Keep your old phone switched on and logged on to Wi-Fi, in case you are prompted to authenticate before you have set up MFA on the new phone.
- Set up your new phone as you would usually and download the Authenticator app from the Apple App Store or Google Play.
- On your computer, log on to the Microsoft My Sign-Ins page.
- Click ‘Add method' and follow the instructions to add your new phone. You will need to scan a QR code using your new phone.
- Once you have set up your new phone to authenticate, please delete the existing authentication methods linked to the old phone from the list on the Microsoft My Sign-Ins page on your computer.
Will I have to set MFA up every year?
No, once you set up for your university account, this will last for as long as your account remains active.
Will I be charged anything to use MFA?
Downloading and using the Microsoft Authenticator app is free, so no charges should be incurred. If you have SMS or voice-call as a backup method, then the university will not charge for these, but you may be subject to usage charges as part of your mobile contract.
What happens if my device is lost or stolen?
If you have lost or had your mobile device stolen, you can access by either:
After your settings are cleared by ITMS, you'll be prompted to set up your authentication methods again.
What if I am concerned about using my personal mobile phone for this?
By using this additional authentication, you are helping to keep both your personal and university data secure.
Using the Microsoft Authenticator app on your phone does not allow the university to manage or control your phone, it is just used as a signalling method to confirm who you are and allow you access to university resources. By using the app, you are not providing any personal information. You can find out more about the Microsoft Authenticator app and privacy on the Microsoft website.
What should I do if I receive a verification request for access to my account that I was not expecting?
Do not verify any access prompt you receive that was not generated by you.
If this happens repeatedly, please report it to ITMS.
What if I am travelling or not based in the UK?
If you travel or are based internationally and need to access university services, please use the Microsoft Authenticator app as your default sign-in method. Log into the Microsoft My Sign-Ins page and make sure the 'Default sign-in method' is the authenticator app.
The app will work regardless of location, phone signal, or Wi-Fi availability. You can obtain a one-time code in the app if you do not have data while travelling. Simply open the app and click 'De Montfort University' to see the one-time code if needed.
Top tips for MFA
- Remember: You must have your authentication device with you to log in
- It may take up a few minutes for accounts to synchronise once you set up your MFA
- If possible, use the Microsoft Authenticator app with notifications enabled as your default method
- Do not uninstall and then reinstall the app once you have it, as this will prevent you from logging in to your account
- If you have no signal or changed SIM card, open the app and use the one-time passcode (OTP) to authenticate
- Register more than one authentication device and method in case you do not have access to your primary method.
Who should I contact if I have any other questions about MFA?
For any questions or problems about the process that aren’t covered by this FAQ, please contact email@example.com.