Multi-factor Authentication (MFA)

International Students intending to travel to the UK to study must use the Microsoft Authenticator app as the primary authentication method.

• You'll be guided through MFA enrolment on screen once you access a protected service for the first time. 
• DO NOT use a non-UK phone number as your only authentication method as this will stop working when you arrive in the UK and you will not be able to sign into our systems.
• The Microsoft Authenticator app is designed to work internationally. 

MFA at Herts

• How do I manage my MFA devices and methods?
• How do I use MFA?
• MFA enrolment instructions
• Setting up MFA without a smartphone.
• Guidance for new  students
• Adding additional authentication method (recommended)
• International Students
• Our 'Top Tips' for MFA
• Frequently asked questions (FAQs)
  • I am a returning student, do I need to set up MFA each year?
  • Can I opt out?
  • Will this cost me anything?
  • I don't have a smartphone
  • Can I use a hardware authentication device such as Yubikey?
  • I am already using the Microsoft Authenticator app for another account – can I use the same app?
  • I can't remember my student login username and/or password 
  • What do I do if I lose or forget my device?
  • Set up MS MFA on a new phone
  • I am getting unexpected MFA prompts
  • Technical issues and troubleshooting
    • How to clear your browser cache  - can help to resolve a variety of issues
• Increased security settings for Microsoft Authentication from Sept 2023
• NHS laptops and working in secure locations 
• I'm a new student and I can't log in to complete registration 
• Setting up and using MFA outside the UK
• MFA and computer-based exams
• Number matching security feature for MS MFA app 
• Help and support

All students are required to use MFA when logging into University Systems

What does this mean for me?

At the University of Hertfordshire, we use Microsoft MFA (MS MFA) as an extra layer of security in addition to your university password.

MFA asks you to confirm your identity using a second 'factor', such as a push notification on the MS MFA app on your phone. 

If you are a new student you will be asked to set up MS MFA when you first start using your University user account. Simply follow the instructions on the screen as they pop up.

Choose the Microsoft Authenticator app as your authentcation method . 
This is especially important if you are an International Student as the app will work regardless of location, phone signal, or Wi-Fi availability. 
Do not uninstall and then reinstall the app once you have it as this will prevent you from logging in to your account. 

If you are a current student and have not yet set up MFA, you will need to do this the next time you log in to a protected system such as O365, StudyNet (to access your timetable), or Canvas.  Please don't wait until you need to use a system to set up your authentication device as this may delay access to key systems when you most need them.

Get the Microsoft Multi-factor Authentication app 

MFA enrolment overview diagram:

How do I manage my MFA devices and methods?

• Go to https://mysignins.microsoft.com/security-info, log in using your hertsusername@herts.ac.uk, and follow the on-screen instructions to add method.  
• Choose the authenticator app and make this your default method 
• You can also set up voice and SMS as additional methods if you need to but always set the app up first if you can.    

How do I use MFA?

• When you log into a protected system you will receive a request to authenticate.  You need to have your smartphone with you. 
• How often you have to authenticate will vary and is dependent on factors such as switching between browsers and devices. 
• The app will also you to enter a 2-digit code. This is called number matching and is an extra security measure.   

When would I use the One Time Password (OTP) code that appears in the app? 

• Sometimes it may not be possible to use the push notification; perhaps you have no Wi-Fi or phone signal but you need to log into a system.   In this case, you can use the one-time password code in the app, which is refreshed every 30 seconds and works even in airplane mode.   
• Select ‘use a different verification option’ and then enter the OTP code from your app.

I have received an authentication request on my phone, but I am not logging into anything? 

• Do not approve the request if you did not initiate it.  You should select DENY or IT'S NOT ME to the request.
• You may have to open the app in full in order to select this.
• Please report any suspicious activity on your account to the Helpdesk immediately. 
• Remember, you can change your password anytime by going to https://www.pss.herts.ac.uk

Can I use the app for MFA on my personal accounts? 

• Yes, you can add your personal Microsoft account and other non-MS accounts such as Google or Facebook. 
• Find out more on the Microsoft help pages.  

Return to top

MS MFA enrolment instructions 

You will need: 

• your mobile phone 
• a PC or tablet connected to the internet 

Authentication via the Microsoft app on your smartphone is recommended. If you don’t have a smartphone, don’t worry, you can still set up MFA; see further down for non-smartphone setup instructions.

On your PC / tablet go to https://mysignins.microsoft.com/security-info

1. If your university student account is not your default Microsoft account, please log out of this first.
2. Log into your University of Hertfordshire student account and remember to put @herts.ac.uk after your username. You will now see the 'my sign-ins’ security info page.
   
   
   
   
3. Once signed in click on ‘add method’.  Select ‘authenticator app’ from the drop-down list, and then ‘add’.
   
   
   
   
   
4. The next screen will ask you to install the Microsoft authenticator app. Leave this window open while you download the app to your smartphone. If prompted allow notifications in the app.
   
   
5. In the app, select ‘add an account’ and choose the one called ‘work or school’
   • Select the required app permissions such as ‘use camera,’ which you will need as part of the set-up process.  
   • You can change the camera app permission when the set up is complete.
   • Once you have downloaded the app click next on your computer.
     
     
6. A QR code will be generated which you need to scan with your phone’s camera. 
   • If you can’t scan the image, you can enter the URL code manually.
   • If the QR code times out, simply repeat.
   • Click next on your computer to get an ‘approve sign-in request sent to your phone to confirm it is all working.  
     
     
     
     
7. Confirm your sign-in on the authentication pop-up request that will appear on your phone, and you are now all signed up.  

Watch this video from Microsoft to see how it looks on the screen.

Return to top

Setting up MFA without a smartphone.

Please note that we always recommend using the Microsoft Authenticator app on a smartphone as the most secure and convenient MFA method. 

1. On your PC / tablet go to https://mysignins.microsoft.com/security-info
2. If your university student account is not your default Microsoft account, please log out first. 
3. Log into your University of Hertfordshire student account and remember to put @herts.ac.uk after your username. You will now see the ‘my sign-ins’ security info page.
4. Once signed in click on ‘add method’, select 'phone’ from the drop-down list, and then ‘add’.
5. Select your country code and enter your phone number
   
6. Select text me a code or call me
   
7. Enter the code sent to your phone number to confirm your MFA setup.
8. On the security page, you can then set the default authentication method to either call or text

Guidance for new students

• All new students are automatically directed to enrol in Microsoft  Multi-factor Authentication (MS MFA) as part of their University account setup process. 
• Please set the Microsoft Authenticator app as your primary method. 
• Remember to enter your username in the format: username@herts.ac.uk (e.g. ab19cde@herts.ac.uk) 
• Can't sign in to complete registration? 

Setting up an alternative authentication method and/or device.  

• Being able to authenticate on a second device will enable you to access your accounts if you lose or forget your primary mobile device or if you need to set up MFA on a new phone. 
• Simply return to https://mysignins.microsoft.com/security-info, log in, and follow the on-screen instructions to add method.  
• If you have lost or forgotten your authentication method, please contact the Helpdesk.  

International  Students

International Students intending to travel to the UK to study should use the Microsoft Authenticator app as the primary authentication method.

DO NOT use a non-UK phone number as your only authentication method.  This will stop working when you arrive in the UK.  The Microsoft Authenticator app is designed to work internationally. 

Video: Set up multi-factor authentication with a mobile device in Microsoft

Once you have arrived in the UK log into https://mysignins.microsoft.com/security-info and add any further methods you’d like to use such as a UK mobile number (you will first need to authenticate on the app to do this).

If you are unable to authenticate before or after traveling to the UK, please contact the Helpdesk for further support. 

Q: I am an international student studying at an overseas campus/college - do I need to enrol in MFA? 

• Yes. If you have a University of Hertfordshire student log-in account you will need to enrol in MFA.

Top tips for MFA  

• Remember: You must have your authentication device with you in order to log in - so please don't leave it behind.
• It may take up to 20 mins for accounts to synchronise following authentication device setup. 
• Do not uninstall and then reinstall the app as this will prevent you from logging in to your account. 
• No signal? Changed your sim card? Open the app and use the One Time Passcode (OTP) to authenticate.  
• Register more than one authentication device and method

Return to top

FAQs (frequently asked questions and answers)

I am a returning student, do I need to set up MFA each year?

• No, setting up MFA is a one-time action and is linked to your University user account that you use throughout your studies at Herts.

Can I opt out of MFA?  

• No, you cannot opt out.
• Removing your authentication method will not un-enroll you, but will prevent you from logging into our systems, including O365 applications and StudyNet.  
• If you have removed your authentication methods and can no longer log in, please contact the Helpdesk.

What happens if I remove the University of Hertfordshire account from the app?  

• You won't be able to log in unless you already have the phone/SMS authentication method set up. 
• You will be asked to reinstall the app the next time you log in. 

Will this cost me anything?

• Downloading and using the authenticator app is free. 
• The University and Microsoft will not charge for calls or texts, but you may be subject to usage charges to receive calls or texts just like any other call or text according to your phone contract. 

I don't have a smartphone.

• If you do not have a suitable phone, you can also authenticate via text or phone call but you will start to be asked to set up the app when you log in. 
• Please contact the Helpdesk for further advice. 

Can I use a hardware authentication device such as Yubikey?

• Yes, you can use a hardware device such as a Yubikey but our Helpdesk is unable to provide support for setting up hardware devices used for authentication.
• Not all hardware devices will be compatible with Microsoft MFA. 
• To identify compatible Yubikeys and Yubikey MFA enrolment instructions please read this article from Yubikey. 

I am already using the Microsoft Authenticator app for another account – can I use the same app? 

• Yes – just follow the ‘add account’ instructions in the app. 

I can't remember my student login username and/or password 

• Your username is in the format username@herts.ac.uk
• If you have forgotten your username please contact the Library and Computing Service Helpdesk. 
• If you have forgotten your student account password you can reset this at https://www.pss.herts.ac.uk/ 

What do I do if I lose or forget my authentication device?

• Please contact the Helpdesk.
• You will be asked to provide your username or student ID number.
• Please be aware that Helpdesk staff will need to confirm your identity but they will never ask for your password. 
• You may need to wait 15 minutes once Helpdesk has provided assistance before you are able to log in.

How do I make sure notifications don't continue to go to my lost device? 

• Adding Authenticator to your new device doesn't automatically remove the app from your old device. Even deleting the app from your old device isn't enough. You must both delete the app from your old device AND tell Microsoft or your organization to forget and unregister the old device. 
• Find out more on the Microsoft FAQ page 

How do I set up MS MFA on a new phone?

Please ensure you have first set up an alternative method of authentication such as a landline, SMS, or another mobile. 

If you are able to,  keep the authenticator app active on your old phone while you set up the new one, as that can still be used as a method of authentication.

If your phone has been lost or stolen please contact the Helpdesk.

Watch this video or read below to set up your new phone.

1. Download the Microsoft MFA app to your new phone. 
2. On your PC / tablet go to https://mysignins.microsoft.com/security-info
3. Enter your password and sign in (you will be prompted to authenticate on your current device at this point) 
4. Click 'Add method'
5. From the drop-down options select your required method and click Add
6. Open the App, click Add account, then click Work or School Account
7. Select the option to Scan a QR code. You may get a prompt asking you to give the authenticator app permission to access the Camera. Please allow access to the camera.
8. Scan the QR code
9. Approve the notification that will now be sent to the app on your phone.
10. Click Next
11. The app set-up is complete, and your multi-factor authentication method has been set-up
12. Delete the existing authentication methods linked to the old phone

I got a new device or restored my device from a backup. How do I set up my accounts in Authenticator again? 

• If you turned on Cloud Backup on your old device, you can use your old backup to recover your account credentials on your new iOS or Android device.
• For more info, see the Backup and recover account credentials with Authenticator article. 

I am getting unexpected MFA prompts

1. Do not ignore unexpected prompts, it could be a sign that someone else is trying to access your account.
2. Do not authenticate any unexpected login attempts as this may give a criminal access to your accounts
3. Go to https://pss.herts.ac.uk and change your password to something only you will know as soon as possible
4. If you do spot any unusual or suspicious activity on your University account call the Helpdesk for further advice   

Do not allow others to use your mobile number to authenticate to their accounts, or ask others to use their mobile phone to authenticate access to your account.  

Return to top

Technical issues and troubleshooting

Troubleshooting - There are some common two-step verification problems that seem to happen more frequently than any of us would like. Microsoft has put together this article to describe fixes for the most common problems.

I am following the instructions to set up MFA but get an error message like this:

 

We recommend opening up a different web browser (e.g. Firefox or Mozilla) and then logging into  https://mysignins.microsoft.com/security-info . 

Sometimes clearing your browser cache can help resolve a variety of issues.  Here are instructions on how to do this for some of the most commonly used browsers:  

Chrome browser

• On your computer, open Chrome.
• At the top right corner, click the 3 vertical dots
• Click settings and then in the search bar at the top type "cache" - click clear browsing data
• At the top, choose a time range.
• Next to "Cookies and other site data" and "Cached images and files," check the boxes are ticked.
• Click Clear data.
• Restart Chrome

Safari browser

• From the home screen, Select Settings > Safari.
• At the bottom of Safari's settings screen, Select Clear cookies and data or Clear Cookies and Clear Cache.
• Confirm when prompted.
• Restart Safari

Edge browser

• Open Microsoft Edge, select Menu (3 dots icon on top right corner of the browser) > Settings > Privacy, search & services.
• Under Clear browsing data, select Choose what to clear.
• Select "Cached images and files" and "Cookies and other site data" check box and then select Clear.
• Restart Edge

IE (Internet Explorer) browser 

• Click on the cog icon in the top right-hand corner
• Click Internet Options
• Under Browsing history, Select Delete
• In the window that opens, check the Temporary Internet Files & cookies and website data and press the delete button at the bottom.
• Restart IE

I have made several attempts to login into my MFA account after setting it up but failed

• Please contact the Helpdesk: Telephone:  +44 (0)1707 284678  or email: helpdesk@herts.ac.uk 

I have set up MFA but I am not receiving any SMS, calls, or push notifications when authenticating 

• The most likely explanation is that you have changed your sim card (and telephone number), or perhaps you have lost your signal, Wi-Fi, or data connection.    
• As long as you have previously set up the MS Authenticator app on your mobile phone you can use the One Time Passcode (OTP) function. 
  This will continue to work even with no sim card or in airplane mode.
• Contact the Helpdesk for further assistance if needed  

I don’t see any notifications when the app is closed 

• You may need to check your app and phone settings. 
• Find out more on the Microsoft FAQ page. 

I am getting an error message when signing into Canvas

Increased security settings for Microsoft Authentication from Sept 2023

When you sign in and are asked to authenticate your details, Microsoft’s new ‘system preferred MFA’ process will check the authentication methods you have set up and will present you with the most secure method that you have registered based on the following order:

1. Security key/hardware token (very few people use this method in practice)
2. Microsoft Authenticator app (Herts and Microsoft recommended method)
3. Time-based one-time password
4. Text message or phone call (least secure and most likely to be intercepted by cybercriminals)

If you do not already have the Microsoft Authenticator app set up, you will be asked to do this, and it will become your new default method. You will be able to ‘snooze’ the request 3 times, but after this, you will have to set it up.

We strongly recommend you set the up Microsoft Authenticator app as soon as possible so you can do it at a time more convenient to you.

• The Microsoft Authenticator app has additional benefits for users and is the University’s recommended authentication method.
• The app will enable you to authenticate regardless of location, phone signal, or Wi-Fi availability.

You will still be able to choose whichever registered authentication method you prefer, but the prompt will always direct you to the most secure method recommended by Microsoft.

How do I add the authenticator app?

If you are prompted, please just follow the instructions on the screen.

To add the app before prompted (recommended):

1. We think it is easier to do this using a PC and your phone, but you can do it all on your smartphone if you need to.
2. Open up a web browser and go to https://mysignins.microsoft.com/security-info
3. Log in using your hertsusername@herts.ac.uk (You will need to use your existing MFA method to log in and make changes)
4. On the Security info page click on ‘add method.’  Select ‘authenticator app ’ from the drop-down list, and then ‘add.’
5. You will need to download the Microsoft Authenticator app from your app store.
6. Continue to follow the on-screen instructions to add the app and register it against your Herts user account.
7. You’ll also find it more convenient to have notifications switched on for this app.

I can’t download the app, or I don’t have a smartphone – what should I do?

If your phone does not support the app, or you do not have a smartphone, please get in touch with the Helpdesk for further advice.

• Online: https://helpdesk.herts.ac.uk/login
• Telephone: +44 (0)1707 284678
• Email: helpdesk@herts.ac.uk. Please include the following information in your email to us - full name, membership number, and a full description of your issue

 

NHS laptops and working in secure locations   

I am a new student and I can't log in to complete registration.

• Log in using the username and one-time password we provided.
• If you can't remember your details please contact the Helpdesk.
• You can change or recover your University password online at  https://www.pss.herts.ac.uk/ 
• You will not be able to log in further until you have set up your additional account authentication method, if you are unable to do this please contact the Helpdesk.  
• If you have successfully logged in and set up your authentication method, but are still unable to complete registration please contact ask@herts.ac.uk and include a screenshot of your issue if possible. 

Setting up and using MFA outside the UK

 Q: Is the Microsoft Authenticator app for Android available for download in China? 

• Yes, but with some feature limitations. Find out more on the Microsoft help pages. 

Q: Can I use MFA if I live or travel abroad?

• Yes. The  Microsoft Authenticator app is designed to work internationally. 

MFA and computer-based exams and assessments

This will be determined by the conditions set for your particular exam,

• Make sure your MFA is correctly set up before your exam date so that you have time to resolve any issues ahead of time.
• If necessary you will be allowed to use an MFA device before the exam starts so you can successfully log in to any systems or software required for the exam.
• Your authentication device (typically your mobile phone) must then be switched off and put away as instructed by the invigilator in accordance with the requirements for each exam session.
• Please note that the arrangements may vary between exams.
• If you have any issues with MFA before the exam or you have lost/forgotten your phone please contact the Helpdesk as soon as possible.  Telephone:  +44 (0)1707 284678 or email: helpdesk@herts.ac.uk . 
• For more detailed information please read: MFA and computer-based exam guidance for staff and students 

Return to top

What is number matching?

Number matching helps prevent cybercriminals from hacking your account using a 'push notification fatigue attack' 

• When you log in to a protected system you will be presented with a two-digit number to enter into the Microsoft Authenticator app on your mobile device instead of simply approving.
• Make sure the app is updated on your phone to the latest version to ensure it is working securely and correctly.

Can I use MFA and number matching on my smartwatch?

No, smartwatches are not supported for this feature.

• Please add another device (mobile phone) if you have not already done so and make this your default authentication device.
• We recommend removing the Microsoft Authenticator app from smartwatches.
• Find out how to set up a new authentication method or device and manage your MFA devices.

What will it look like?

The next time you log in to a protected system the login screen will ask you to authenticate and show you a randomly generated number. 

Open the app on your phone, enter the code, and click YES.
 
(Android phone example above – iPhone will look slightly different)

Remember: If you get an unexpected authentication request you should select NO, IT’S NOT ME.

• This may indicate that your username and password have been compromised and you should change your password at  https://www.pss.herts.ac.uk/  and alert the Helpdesk.
• Find out more about setting up and managing your University password.

Can't enter numbers in your app? 

• If you do not have the option to input the numbers into your Microsoft Authenticator app when requested, you may need to upgrade your Authenticator app to the latest version.

If you have any problems authenticating when logging into your University account, please contact the Helpdesk

Help and support

Find out more about the MS Authenticator app directly from Microsoft

Contact the Library and Computing Services Helpdesk 

• Online:  https://helpdesk.herts.ac.uk/login  
• Telephone:  +44 (0)1707 284678  
• Email: helpdesk@herts.ac.uk 

Find out more, including information about permissions and data: Microsoft Authenticator app FAQs  

Return to top