Orange

Multi-factor authentication


 

Multi-Factor Authentication (MFA) is an additional layer of security used to protect your account and your data, as well as Royal Holloway's data and services. After entering your username and password to access a Royal Holloway service, you will be prompted to authenticate using a separate device or app which functions as an additional opportunity to confirm your identity. MFA makes it harder for others to access your university account without your knowledge. You have likely encountered this type of security in your personal life accessing online banking or other services. You can read more about Multi-Factor Authentication on Microsoft’s support pages.

 

 

How do I setup MFA?

When you login to an MFA-enabled service for the first time, you will receive a notification that ‘More Information is Required’ and be prompted to set up MFA by picking one or more methods for authentication. The standard is that the user sets up the Microsoft Authenticator App and a phone-based approach (using call or text message). It’s always best to setup a variety of methods which minimises the impact of technical issues or missing devices.

Once MFA has been configured, you will be periodically prompted to check that the details Microsoft holds are up to date.

You can also manage your own details by visiting royalholloway.ac.uk/myaccount and selecting the Security Info tab in the My Account area.

What methods of authentication are recommended?

When configuring MFA, an authenticator app or phone number must be configured as the primary means of authentication.

At minimum you should have two methods of MFA configured, although setting up additional methods can be beneficial.

At Royal Holloway, we recommend that you setup the Microsoft Authenticator app and add a phone number for use with MFA.

Microsoft Authenticator App: The Microsoft Authenticator app is the simplest method of verifying your identity and is recommended by the university. It can be installed on an Android or iOS device.

There’s two ways the app can be used for MFA.

The first, which uses number matching, is generally the fastest and most convenient. You will need to download the app to your preferred device and set up authentication. This is the method we recommend.

You can also use the app to provide six-digit one-time passcodes, or OTP codes. OTP codes work well when you don’t have internet access on your phone or mobile device and you can’t receive notifications. Instead of approving a push notification, you type the OTP code into the browser you’re trying to sign in to. OTP codes refresh every 30 seconds, so they can be difficult to use before they time out, particularly if you have accessibility requirements.

SMS or Phone Call: If you don’t want to download an app, you can opt to register a phone number which you can use for authentication either by call or text message.

What other methods of authentication can I use?

In addition to the primary methods, it's possible to configure some alternate or additional methods for authentication.

Alternate Authenticator Apps: While the Microsoft Authenticator app is recommended, it’s possible to register your Microsoft account with another app such as Google Authenticator. Just select ‘I want to use an alternate authenticator app’ when on the Microsoft Authenticator App setup screen.

Email: You can provide an additional email address, separate from your University email, to receive links to verify your identity. This method works well for password reset but cannot be configured as the primary method for MFA when accessing applications.

Security Questions: It’s possible to setup a series of security questions that can be used to verify your identity, this method works best for resetting passwords but cannot be used for day-to-day authentication.

What device should I use for MFA?

We suggest that you pick methods of MFA which are the most convenient for you. Most people use their mobile phone as they generally always have it with them. 

You may need to use MFA if you're signing in to services during lectures or when you're studying, so you should make sure to use a device you have easy access to. 

If you do use your mobile phone, it shouldn't cost you anything to use MFA. App notifications use a tiny amount of data or are free if you are connected to Wi-Fi - CampusNet if you're on campus. OTP codes are available offline and use no data at all. It is free to receive calls or text messages.

What happens if I lose, break or replace my preferred device for MFA?

You will need to contact the IT Service Desk to intervene on your behalf if you lose access to your device. The Service Desk can help you access your account to add a new method of MFA, or investigate other options until such a time that you can get a new device setup.

Notifying the IT Service Desk also means they can remove your old device if it was stolen or sold, this will prevent it being used for authentication going forward. It’s also worth choosing the option to ‘sign out everywhere’ from the Security Info tab of the My Account page to ensure that your account is logged out from any missing devices.

When you do get a new mobile, you can add your new device as an option for Multi-Factor Authentication from this same Security Info page by selecting the option for ‘+ Add Sign-in Method’. You should do this before you get rid of your old device. 

How frequently will I be asked to authenticate?

MFA is not meant to be a barrier to accessing Royal Holloway services, but it’s important that your identity is checked regularly. Generally, you will be prompted to authenticate when accessing a service for the first time or after a set number of day. If you're being asked to authenticate every time you sign in, you should contact us so we can figure out why. 

Can I opt out of MFA?

Multi-Factor Authentication is a requirement for accessing Royal Holloway services.

I’ve received an authentication request that wasn’t generated by me, what should I do?

This could suggest that someone is attempting to access your university account, you should immediately change your password and contact the IT Service Desk to request further advice.

Does MFA work with assistive technologies and what support is there for users with specific accessibility requirements?

The Microsoft Authenticator App works well with most screen readers and assistive technologies. If you do experience difficulties, please contact the IT Service Desk who can work with you on your specific requirements.

What are some of the common problems when using Multi-Factor Authentication?

You may occasionally run into problems with MFA, particularly when trying to use a third-party email management platform, clone an existing device or when using a mobile phone running an older OS version. Check out our FAQs for further advice.

I need to enter my number match, but I didn’t receive an automated app notification. How can I complete authentication?

From time to time, Microsoft will require Multi-Factor Authentication, but you will not receive the automated app push notification to your mobile device. This can happen if you're signing in from a new location, on a VPN, or sometimes your notification can just take a little time to come through. If you manually open your app the number matching prompt should appear so you can complete the request, even if you didn't get a notification yet. Simply navigate to the app and review your outstanding authentication requests as normal to complete number matching.

 

If your number matching prompt still doesn't appear, you can try another authentication method. If you consistently have an issue with the app, you should contact the IT Service Desk.

 

Contact us

itservicedeskrhul.ac.uk

01784 41 4321

Chat online with the IT helpdesk

Back to the IT Homepage.