my-cumbria-logo, Toggle navigation

Focusing on staff access initially, we have introduced Multi Factor Authentication to your university sign in process. This is designed to increase your security when accessing university services off campus. 

 

Update Security Methods

  • What is MFA?

    Multi Factor Authentication pairs your University password with an additional form of security, this could be an app on your corporate or personal smart phone, a phone call, or a text message. You will only be asked to authenticate using MFA when you are working off site and accessing University services. However, due to the increasingly sophisticated levels of cybercrime, it is essential that all staff set up their University account with an additional security method as soon as possible. MFA is being implemented as a way to combat cyber attacks, particuarly in light of recent breaches in the security of data belonging to our very own staff. We want to ensure you are protected on and off campus and that your personal information remains secure.

    Please note, every 180 days you will be asked to check all your information is still current.

     

  • The sign up process

    You can view our step by step guide to signing up to MFA which shows you how to add your different security methods, and how to select the one you'd like to use for your second form of authentication alongside your university password. We do recommend the use of the Authenticator app for this - particularly the 'notification' mode - as this provides the most efficient and secure authentication experience. However, there are alternative methods available if you would like to use one of these.

     

    MFA Registration Guide

  • What will I see when I sign in?

    As part of the project which has introduced MFA, we now also have a different sign in page for accessing university systems. Before and after is shown below.

     

    Before:

     

    MFA_before, screenshot of sign-in page before

     

    After:

    MFA After, screenshot of sign-in after

  • FAQs

    Why do I need to do this?

    Cybercrime continues to rise and as a result it is increasingly important that your personal information and data is protected. MFA is being implemented in order to do exactly this, using a widely utilised security tool to help you authenticate who you are during a sign in process and keep personal and university data secure. This all operates on the same principle as when you receive a code by text to use your bank or have to approve the card you use when shopping online. Using an additional security method as part of MFA simply makes it that much harder for anyone to infiltrate your account.

    Will I need MFA on campus?

    No. Just an initial one-off sign up is needed. 

     

    What if I'm concerned about using my personal mobile phone for work?

    Keeping your University account secure will protect both the organisation and your own personal data.  Your personal mobile phone details are not used for any other purpose than protecting your account.  By adding the Microsoft Authenticator App to your personal phone this is just providing a method to confirm who you are.  The app is not used to manage or control your phone or provide any personal data. 

     

    When I provide my MFA sign up details/methods, will the University have access to this information?

    Data is retained under GDPR and can only be used for the purposes for which the data has been given (in this case MFA). You have full access to remove or modify your MFA sign-in information here and should you leave the university all sign-in details will be automatically deleted on deletion of your user account.

    Is there another way to be secure without using my personal mobile or email?

    As a member of staff you must select at least one additional security method to your university password, however, if you cannot, or do not wish to use your personal mobile or email address, there are some other options available:

    • You can create a separate personal email account specifically for this purpose - the IT Service Desk can support with this. The University will not have any control, access or responsibility in relation to the use or mis-use of this account. You may provide your university email address as a recovery address should you forget the password to this email account.
    • You can use a University direct dial number, however, this will obviously prevent any off-campus access. NB: Do not use Reception numbers.
    What is the difference between Microsoft Authenticator app (notification) and Microsoft Authenticator app (code)?

    The Microsoft Authenticator App can function in two modes; one which provides an easy one click notification pop up, you click approve and your signin is authorised.  The other mode is app code which provides a rolling 6 digit code that changes every 30 seconds, you need to enter the code before it changes.  We recommend using the notification method as this is the quickest and easiest.  If your device only gives you the code option ensure your default method is set correctly.  Visit https://aka.ms/setupsecurityinfo and change the default option to Microsoft Authenticator – notification.  Please note some phone phones do not support the notification method.

     

  • Microsoft help pages

Edit page