my-cumbria-logo, my-cumbria-logo Toggle navigation

COVID-19 (Coronavirus) UPDATES

We are still open

We have introduced Multi Factor Authentication to your university sign in process. This is designed to increase your security when accessing university services off campus by using additional methods to verify who you are when signing in. You can update your security methods anytime using the button below, but please make sure to read the guidance available on this page first if you are new to Multi Factor Authentication. 

 

Update Security Methods

  • What is MFA?

    Multi Factor Authentication pairs your University password with an additional form of security. Depending on whether you are a staff member or a student, and on what method works best for you, this could be an app on your corporate or personal smart phone, a phone call, or a text message. You will only be asked to authenticate using MFA when you are working or studying off site and accessing University services. However, due to the increasingly sophisticated levels of cybercrime, it is essential that everyone who uses a University account to access services sets up their account with an additional security method as soon as possible. MFA is being implemented as a way to combat cyber attacks, of which the University has been a very real target of in the past. We want to ensure you are protected on and off campus and that your personal information remains secure.

    Please note, every 180 days you will be asked to check all your information is still current.

     

  • The sign up process

    You can view our step by step guide to signing up to MFA which shows you how to add your different security methods, and how to select the one you'd like to use for your second form of authentication alongside your university password. We do recommend the use of the Authenticator app for this - particularly the 'notification' mode - as this provides the most efficient and secure authentication experience. However, there are alternative methods available if you would like to use one of these.

    MFA Registration Guide 

  • What will I see when I sign in?

    When you are prompted to sign-in, you will be asked to enter your university email address and password, as shown below.

    Signin_email,

     Signin_password,

    Once you have entered your university account credentials, as part of the MFA process you'll be asked to either approve or deny your sign in using the Microsoft Authentication app. Whether you do this by approving a notification that appears on your phone or by entering a code will depend on which form of security method you select when setting up your MFA security methods. 

    If you are using the app notification method, you will see a screen like the following:

    Signin_approvenotification,

    You will then need to go to your mobile phone, where you will see a message appear that will look something like the following image. Click approve and you will be signed into your account on whichever device you are using (your approval on your phone will connect to your sign in, even if this is happening on a different device to the phone itself).

    MFA_approvalnotification,

    If you are using the app's code authentication method, you will see the following screen after entering your email and password details. 

    Signin_approvecode,

    When you see this screen, go to your mobile phone, open the Microsoft Authenticator app and click on your account from the options provided. You will then be presented with a 6-digit code which you should enter on the screen shown above to verify your sign in.

    MFA_approve_codeinapp,

  • FAQs

    Q1) Why do I need to do this?

    Cybercrime continues to rise and as a result it is increasingly important that your personal information and data is protected. MFA is being implemented in order to do exactly this, using a widely utilised security tool to help you authenticate who you are during a sign in process and keep personal and university data secure. This all operates on the same principle as when you receive a code by text to use your bank or have to approve the card you use when shopping online. Using an additional security method as part of MFA simply makes it that much harder for anyone to infiltrate your account.

    Q2) Will I need MFA on campus?

    No. Just an initial one-off sign up is needed. 

     

    Q3) What if I'm concerned about using my personal mobile phone for work or as part of my university study?

    Keeping your University account secure will protect both the organisation and your own personal data.  Your personal mobile phone details are not used for any other purpose than protecting your account. By adding the Microsoft Authenticator App to your personal phone this is just providing a method to confirm who you are.  The app is not used to manage or control your phone or provide any personal data. 

     

    Q4) When I provide my MFA sign up details/methods, will the University have access to this information?

    Data is retained under GDPR and can only be used for the purposes for which the data has been given (in this case MFA). You have full access to remove or modify your MFA sign-in information here and should you leave the university all sign-in details will be automatically deleted on deletion of your user account.

    If you still have concerns over data privacy, please consider using the Microsoft Authenticator mobile app (iOS and Android). The app does not request any personal information, it simply holds an electronic token unique to your University account.

    Q5) Is there another way to be secure without using my personal mobile?

    You must select at least one additional security method to your university password, however, if you cannot, or do not wish to use your personal mobile, there are some other options available.

    You can use any land line number as an additional method. For example, you can use your home phone number.

    If you are a member of staff, you can also use a University direct dial number, however, this will obviously prevent any off-campus access. NB: Do not use Reception numbers.

    Please note: Personal email addresses are not an acceptable form of security method and you will not be able to use this for MFA. Any registered personal email addresses are used for password resets only. 

    Q6) What is the difference between Microsoft Authenticator app (notification) and Microsoft Authenticator app (code)?

    The Microsoft Authenticator App can function in two modes; one which provides an easy one click notification pop up, you click approve and your signin is authorised.  The other mode is app code which provides a rolling 6 digit code that changes every 30 seconds, you need to enter the code before it changes.  We recommend using the notification method as this is the quickest and easiest.  If your device only gives you the code option ensure your default method is set correctly.  Visit https://aka.ms/setupsecurityinfo and change the default option to Microsoft Authenticator – notification.  Please note some mobile phones do not support the notification method.

     

  • Microsoft help pages

Edit page