my-cumbria-logo, my-cumbria-logo Toggle navigation

Multi Factor Authentication (MFA)

Permalink to the page: my.cumbria.ac.uk/mfa

On this page:

  • What is MFA and the sign up process
  • How to reset your university account password 

We have introduced Multi Factor Authentication to your university sign in process. This is designed to increase your security when accessing university services off campus by using additional methods to verify who you are when signing in. You can update your security methods anytime using the button below, but please make sure to read the guidance available on this page first if you are new to Multi Factor Authentication. 

Multi Factor Authentication also provides a more streamlined experience, which includes a built in password reset service - see the 'How do I reset my password?' section below for more details. 

 

Update Security Methods

  • What is MFA?

    Multi Factor Authentication pairs your University password with an additional form of security. Depending on whether you are a staff member or a student, and on what method works best for you, this could be an app on your corporate or personal smart phone, a phone call, or a text message.

    You will only be asked to authenticate using MFA when you are working or studying off site and accessing University services. However, due to the increasingly sophisticated levels of cybercrime, it is essential that everyone who uses a University account to access services sets up their account with an additional security method. MFA has been implemented as a way to combat cyber attacks, of which the University has been a very real target of in the past. We want to ensure you are protected on and off campus and that your personal information remains secure.

    Please note, every 180 days you will be asked to check all your information is still current.

    To understand the basics of Two Factor Authentication watch this short video by Tom Scott:

  • The sign up process

    You can view our step by step guide to signing up to MFA which shows you how to add your different security methods, and how to select the one you'd like to use for your second form of authentication alongside your university password.

    We do recommend the use of the Authenticator app for this - particularly the 'notification' mode - as this provides the most efficient and secure authentication experience. Please keep in mind that if you if you choose the app it will need to remain installed on your device. This means that if you ever lose or change your device you may be able to use the ‘Update Security Methods’ option at the top of this page to edit your security methods, or you may need to contact IT Service Desk. This will depend on which security methods you have set up. 

    MFA Registration Guide 

  • What will I see when I sign in?

    When you are prompted to sign-in, you will be asked to enter your university email address and password, as shown below.

    Signin_email,

    Signin_password,

    Once you have entered your university account credentials, as part of the MFA process you'll be asked to either approve or deny your sign in using the Microsoft Authentication app. Whether you do this by approving a notification that appears on your phone or by entering a code will depend on which form of security method you select when setting up your MFA security methods. 

    If you are using the app notification method, you will see a screen like the following:

    Signin_approvenotification,

    You will then need to go to your mobile phone, where you will see a message appear that will look something like the following image. Click approve and you will be signed into your account on whichever device you are using (your approval on your phone will connect to your sign in, even if this is happening on a different device to the phone itself).

    MFA_approvalnotification,

    If you are using the app's code authentication method, you will see the following screen after entering your email and password details. 

    Signin_approvecode,

    When you see this screen, go to your mobile phone, open the Microsoft Authenticator app and click on your account from the options provided. You will then be presented with a 6-digit code which you should enter on the screen shown above to verify your sign in.

    MFA_approve_codeinapp,

  • How do I reset my university password?

    Resetting your password is now easier than ever. Once you have registered for Multi Factor Authentication you will automatically be given the power to reset your password any time you need to. When you go to sign in, you'll see an option which reads either 'Can't access your account?' or 'Forgotten my password' - shown in the screenshots below. Simply click on this link and you'll be taken through the process to reset your university password. 

    Forgot_password_screenshot,

    You can reset your password online now using the Microsoft Online Password Reset Tool. You will need your student or staff email and access to the device which you use for MFA to complete the reset.

    Microsoft Password Reset,

    Follow the onscreen instructions.

  • I received a text message that says "Data rates may apply"

    This is a generic message that some users are receiving depending on who their phone contract is with.

    Within the UK, there are NO charges to receive MFA codes or text messages.

    In some other parts of the world, where it is customary to be charged to receive text messages, a charge may be applied.

    To avoid this or alleviate any concerns you may have - please install a multi-factor authentication app such as Microsoft AuthenticatorGoogle Authenticator or Authy (other apps are available), as these generate a code locally on your device and do not need to receive external messages.

  • FAQs

    Q1) Why do I need to do this?

    Cybercrime continues to rise and as a result it is increasingly important that your personal information and data is protected. MFA is being implemented in order to do exactly this, using a widely utilised security tool to help you authenticate who you are during a sign in process and keep personal and university data secure. This all operates on the same principle as when you receive a code by text to use your bank or have to approve the card you use when shopping online. Using an additional security method as part of MFA simply makes it that much harder for anyone to infiltrate your account.

    Q2) Will I need MFA on campus?

    No. Just an initial one-off sign up is needed. 

     

    Q3) What if I'm concerned about using my personal mobile phone for work or as part of my university study?

    Keeping your University account secure will protect both the organisation and your own personal data.  Your personal mobile phone details are not used for any other purpose than protecting your account. By adding the Microsoft Authenticator App to your personal phone this is just providing a method to confirm who you are.  The app is not used to manage or control your phone or provide any personal data. 

     

    Q4) When I provide my MFA sign up details/methods, will the University have access to this information?

    Data is retained under GDPR and can only be used for the purposes for which the data has been given (in this case MFA). You have full access to remove or modify your MFA sign-in information here and should you leave the university all sign-in details will be automatically deleted on deletion of your user account.

    If you still have concerns over data privacy, please consider using the Microsoft Authenticator mobile app (iOS and Android). The app does not request any personal information, it simply holds an electronic token unique to your University account.

    Q5) Is there another way to be secure without using my personal mobile?

    You must select at least one additional security method to your university password, however, if you cannot, or do not wish to use your personal mobile, there are some other options available.

    You can use any land line number as an additional method. For example, you can use your home phone number.

    If you are a member of staff, you can also use a University direct dial number, however, this will obviously prevent any off-campus access. NB: Do not use Reception numbers.

    Please note: Personal email addresses are not an acceptable form of security method and you will not be able to use this for MFA. Any registered personal email addresses are used for password resets only. 

    Q6) What is the difference between Microsoft Authenticator app (notification) and Microsoft Authenticator app (code)?

    The Microsoft Authenticator App can function in two modes; one which provides an easy one click notification pop up, you click approve and your signin is authorised.  The other mode is app code which provides a rolling 6 digit code that changes every 30 seconds, you need to enter the code before it changes.  We recommend using the notification method as this is the quickest and easiest.  If your device only gives you the code option ensure your default method is set correctly.  Visit https://aka.ms/setupsecurityinfo and change the default option to Microsoft Authenticator – notification.  Please note some mobile phones do not support the notification method.

     

  • I got a new phone or mobile number - what should I do?

    If you still have a device/phone that you use for MFA authentication, you can change or update your authentication method at the following link: https://aka.ms/setupsecurityinfo

    If you have got a new phone and you use an authenticator app:

    Follow the Sign up instructions (above) to setup your new phone to access MFA codes in the app. For convenience you should do this whilst you still have access to your previous phone as you will need an MFA access code to login to the authenticator app on your new phone.

    If your old phone is broken and you use an authenticator app:

    You will need to contact the IT Service Desk who will assist you in getting MFA authentication set up on your replacement device.

    If you have changed your mobile number and use an authenticator app:

    Nothing will change. The authenticator app does not use your mobile number, so will continue to work as normal.

    If you have a new phone and receive your MFA codes via text message:

    Simply put your existing sim card into the new phone and your MFA codes will continue to arrive in the same way.

    If your old phone is broken and you receive your MFA codes via text message:

    Simply put your existing sim card into any other phone and your MFA codes will continue to arrive in the same way.

    If your old sim card is broken and you receive your MFA codes via text message:

    Simply put your replacement sim card into any phone and your MFA codes will continue to arrive in the same way. If your replacement sim card uses a different mobile number - you will need to see below.

    If you receive MFA codes via text message and have changed your mobile number:

    Ideally, before you switch mobile numbers, you will use your existing device to change your authentication method to an authenticator app. This will allow you to continue to receive MFA codes no matter what you mobile number is.

    If you receive MFA codes via text message and have changed your mobile number AND phone:

    You will need to contact the IT Service Desk who will assist you in getting MFA authentication set up for your replacement number.

  • Microsoft help pages

    The following are additional guides you may like to view from Microsoft:

     

     

     

     

Edit page