When you login to an MFA-enabled service for the first time, you will receive a notification that ‘More Information is Required’ and be prompted to set up MFA by picking one or more methods for authentication. The standard is that the user sets up the Microsoft Authenticator App and a phone-based approach (using call or text message). It’s always best to setup a variety of methods which minimises the impact of technical issues or missing devices.

Once MFA has been configured, you will be periodically prompted to check that the details Microsoft holds are up to date.

You can also manage your own details by visiting royalholloway.ac.uk/myaccount and selecting the Security Info tab in the My Account area.

When configuring MFA, an authenticator app or phone number must be configured as the primary means of authentication.

At minimum you should have two methods of MFA configured, although setting up additional methods can be beneficial.

At Royal Holloway, we recommend that you setup the Microsoft Authenticator app and add a phone number for use with MFA.

Microsoft Authenticator App: The Microsoft Authenticator app is the simplest method of verifying your identity and is recommended by the university. It can be installed on an Android or iOS device.

There’s two ways the app can be used for MFA.

The first, which uses number matching, is generally the fastest and most convenient. You will need to download the app to your preferred device and set up authentication. This is the method we recommend.

You can also use the app to provide six-digit one-time passcodes, or OTP codes. OTP codes work well when you don’t have internet access on your phone or mobile device and you can’t receive notifications. Instead of approving a push notification, you type the OTP code into the browser you’re trying to sign in to. OTP codes refresh every 30 seconds, so they can be difficult to use before they time out, particularly if you have accessibility requirements.

SMS or Phone Call: If you don’t want to download an app, you can opt to register a phone number which you can use for authentication either by call or text message.

In addition to the primary methods, it's possible to configure some alternate or additional methods for authentication.

Alternate Authenticator Apps: While the Microsoft Authenticator app is recommended, it’s possible to register your Microsoft account with another app such as Google Authenticator. Just select ‘I want to use an alternate authenticator app’ when on the Microsoft Authenticator App setup screen.

Email: You can provide an additional email address, separate from your University email, to receive links to verify your identity. This method works well for password reset but cannot be configured as the primary method for MFA when accessing applications.

Security Questions: It’s possible to setup a series of security questions that can be used to verify your identity, this method works best for resetting passwords but cannot be used for day-to-day authentication.

We suggest that you pick methods of MFA which are the most convenient for you. Most people use their mobile phone as they generally always have it with them. 

You may need to use MFA if you're signing in to services during lectures or when you're studying, so you should make sure to use a device you have easy access to. 

If you do use your mobile phone, it shouldn't cost you anything to use MFA. App notifications use a tiny amount of data or are free if you are connected to Wi-Fi - CampusNet if you're on campus. OTP codes are available offline and use no data at all. It is free to receive calls or text messages.

You will need to contact the IT Service Desk to intervene on your behalf if you lose access to your device. The Service Desk can help you access your account to add a new method of MFA, or investigate other options until such a time that you can get a new device setup.

Notifying the IT Service Desk also means they can remove your old device if it was stolen or sold, this will prevent it being used for authentication going forward. It’s also worth choosing the option to ‘sign out everywhere’ from the Security Info tab of the My Account page to ensure that your account is logged out from any missing devices.

When you do get a new mobile, you can add your new device as an option for Multi-Factor Authentication from this same Security Info page by selecting the option for ‘+ Add Sign-in Method’. You should do this before you get rid of your old device. 

MFA is not meant to be a barrier to accessing Royal Holloway services, but it’s important that your identity is checked regularly. Generally, you will be prompted to authenticate when accessing a service for the first time or after a set number of day. If you're being asked to authenticate every time you sign in, you should contact us so we can figure out why. 

Multi-Factor Authentication is a requirement for accessing Royal Holloway services.

The Microsoft Authenticator App works well with most screen readers and assistive technologies. If you do experience difficulties, please contact the IT Service Desk who can work with you on your specific requirements.

You may occasionally run into problems with MFA, particularly when trying to use a third-party email management platform, clone an existing device or when using a mobile phone running an older OS version. Check out our FAQs for further advice.

From time to time, Microsoft will require Multi-Factor Authentication, but you will not receive the automated app push notification to your mobile device. This can happen if you're signing in from a new location, on a VPN, or sometimes your notification can just take a little time to come through. If you manually open your app the number matching prompt should appear so you can complete the request, even if you didn't get a notification yet. Simply navigate to the app and review your outstanding authentication requests as normal to complete number matching.

If your number matching prompt still doesn't appear, you can try another authentication method. If you consistently have an issue with the app, you should contact the IT Service Desk.