Female student typing on laptop studying

Multifactor Authentication

Multifactor Authentication

MFA is a process that helps to keep your University account safe by ensuring that only you can log in to it. It requires you to provide additional information, such as a code, to authenticate your identity when logging into the University’s IT services.

How do I set up MFA?
Step-by-step guide

 

 

Step 1

On your computer, go to https://mysignins.microsoft.com/security-info or https://aka.ms/mfasetup

Step 2

If you are not already signed in, log in with your BNU credentials

Step 3

If you see the following More information required panel click Next and then go to step 5 in this guide.

 

 

Step 4

If you see the following Security info screen you need to manually start the MFA registration process. To do this select + Add method and then select Authenticator app from the drop-down list and follow the rest of the steps in this guide.

 

 

Set up your MFA details using the ‘Keep your account secure’ wizard
Step 5

The Keep your account secure wizard appears to guide you through setting up the Microsoft Authenticator.

Select Download now to download and install the Microsoft Authenticator app on your mobile device, and then select Next. Or you can manually install the app from your device’s app store.

 

 

Step 6

You now need to set up the app on your mobile device. Keep this below screen showing while you set- up the app.

 

 

Step 7

On your mobile device, install the Microsoft Authenticator app and open it, select Allow notifications (if prompted), select Add account from the Customize and control icon on the upper-right, and then select Work or school account.

Select Scan a QR code and accept the required app permissions by clicking ALLOW

Important Note: If this is the first time you have set-up the Microsoft Authenticator app, you might receive a prompt asking whether to allow the app to access your camera (iOS) or to allow the app to take pictures and record video (Android). You must select Allow so the authenticator app can access your camera to take a picture of the QR code in the next step. If you don't allow the camera, you can still set up the authenticator app, but you'll need to add the code information manually.

Step 8

Return to the Set up your account page on your computer in point 6 above and click Next

The Scan the QR code page appears.

Step 9

With your mobile device, scan the QR code that is showing on your computer. The authenticator app should successfully add your work or school account without requiring any additional information from you

Note: If you are unable to scan the image, then a code is also available on the computer screen. To enter the manual code, you will need to click on Can’t scan image?

 

 

Step 10

Select Next on the Scan the QR code page on your computer.

A notification is sent to the Microsoft Authenticator app on your mobile device, to test your account.

 

 

Step 11

Approve the notification in the Microsoft Authenticator app, and then select Next.

 

 

Step 12

You have successfully registered your device to use the Microsoft Authenticator app to verify your identify when using multifactor authentication or password reset.

 

Set-up a backup method
Step 13

You now need to set-up a backup method to verify your identity which can be used if you lose access to the device you have registered for MFA.

On the Phone set up page, enter a mobile phone number; we're using text messages, so you must use a phone number for a device that can accept text messages. Select Next.

A text message is sent to your phone number.

 

Step 14

Enter the code provided by the text message sent to your mobile device, and then select Next.

 

Step 15

Review the success notification, and then select Next.

 

Your security info is updated to use text messaging as a backup method to verify your identity when using multifactor authentication or password reset.

Step 16

Review the Success page to verify that you have successfully set up both the Microsoft Authenticator app and a phone method for your security info, and then select Done.

Congratulations, you are now set up for multifactor authentication!

Frequently Asked Questions (FAQs)
Why is the University adopting multifactor authentication?

The recent spate of high profile and devastating cyber-attacks on Universities has demonstrated that information security and cyber vigilance is more important than ever.  BNU is introducing MFA to help keep University information and IT resources safe. You may already be familiar with MFA and use it for other personal services, such as online banking, Apple ID or Facebook. It is quick to set up and needs only to be done once.

How do I check if I have set-up MFA correctly?

You can check the security information you have set-up by from the Microsoft My Account Portal.

My password is secure, why do I need multifactor authentication?

Passwords can be reasonably secure when they are long and complex, but there are numerous methods to gain access to systems via stealing passwords or breaking into vulnerable systems by other means.

MFA provides an added layer of security. For example, in order to access your account, a cyber-criminal would need to steal both your password and your phone. This decreases the likelihood that someone will be able to login as if they were you.

In addition to offering greater security, MFA also helps the University to demonstrate compliance with data protection legislation including the GDPR.

How often will I have to re-authenticate?

You will be prompted to re-authenticate every 14 days.

You will need to re-authenticate on each device and each browser you use.

Do I have to authenticate through MFA separately for each application or system?

Overall, you should only need to perform a multi-factor authentication once every 14 days on each device you use. However, you may find this happens more often, depending on the application you are trying to access. Some applications and resources may require you to re-authenticate every day as they may contain sensitive information or be deemed a high risk.

What is the Microsoft Authenticator App?

The Microsoft Authenticator App is a small app for both Android and IOS devices, which allows you to complete the multi-factor authentication process. In addition to your usual password, it means only you can log into your account – somebody else with just the password would not be able to log in.

Will installing the Microsoft Authenticator on my personal device give the University access to my device?

No. The app’s only purpose is to help you log in, and it doesn’t have access to your data. It will need access to your camera so you can scan the QR code, and it will also work a great deal better if you allow it to send notifications when you log in.

What permission does the Microsoft Authenticator require on my device?

The specific permissions you see will depend on the type of device you are using. The full list of permissions that may be requested and how they are used by the app are published on the Microsoft web site as part of their Frequently asked questions (FAQ) about the Microsoft Authenticator app. (see section called Too many permissions).

What do I do if I change the phone or tablet that I have configured for MFA?

You can make changes to your authentication settings by updating your security information in the Microsoft My Account Portal. Remember to do this before changing to a new phone or tablet as you can have multiple devices registered. Also make sure to remove the old device when you move to the new one. Remember, you will need to use the app to gain access to the My Account Portal. If you have already lost access to your phone, please contact the IT Service Desk for advice.

Can I use a text message instead of the app?

Yes, you can.

To set-up SMS notifications, register your mobile phone number during the MFA set up process. Please do not use a landline number as you need to be able to receive the text message wherever you are. SMS is currently used as a backup method if your app doesn’t work, but the app is still the preferred method.

Where can I go for help if I experience issues registering for MFA?

You can contact the IT Service Desk via email IT@bucks.ac.uk or telephone 01494 605000, Option 1.

You will be asked to confirm your identity before any changes can be made to the security details that are registered for your account.