
Multi-factor Authentication (MFA)

The University of Hertfordshire is committed to cyber security: Find out what action you need to take to protect your University login account.

Students are now required to use MFA when logging into University Systems

What does this mean for me?

  • You will need to confirm your identity using a second 'factor' when logging into protected systems using your University username and password. 
  • If you have not already done so, you will need to set up an authentication device the next time you log in to a protected system such as O365, StudyNet (to access your timetable), and Canvas.

Please don't wait until you need to use a system to set up your authentication device as this may delay access to key systems when you most need them. 

Watch this video and find out how to set up MFA on your University user account.    

Get the Microsoft Multi-factor Authentication app 

MFA enrolment overview diagram:

MFA set up process diagram

MFA, which requires that users authenticate with at least two factors, can reduce the risk of identity compromise by as much as 99.9 percent over passwords alone. Source: Microsoft

  What is Multi-factor authentication (MFA)?

  • Multi-factor authentication (MFA) adds another layer of security to your online accounts by verifying your identity using a second factor and prevents anyone but you from logging in, even if they know your password.  
  • The second factor could be a push notification sent to an app on your phone or a code sent by SMS or a phone call. 
  • At the University of Hertfordshire, we are using Microsoft’s Azure AD Multi-factor Authentication (MS MFA) facility and supporting the use of the Microsoft Authenticator app for student accounts. 
  • For the best user experience, we recommend using the push notification on the Microsoft authenticator app. 
  • Find out more about the Microsoft Authenticator App

Who needs to enrol in MS MFA? 

  • All University of Hertfordshire students
  • Any staff members with a student account (not PGR) will also need to set up MFA on their student account.    Staff will need to continue to use Duo for their staff account. 
  • Staff and PGR students who are already enrolled on Duo MFA may additionally enrol in MS MFA if they wish, but it is not necessary, and they should not delete their Duo MFA authentication method.

Why do I need to enrol in MS MFA?

  • To help protect your University user account and your data.
  • To help protect our University from the actions of cyber criminals.

How do I manage my MFA devices and methods?

  • Simply return to https://mysignins.microsoft.com/security-info, log in and follow the on-screen instructions to add a method.
  • You can also choose your default authentication method here, although we always recommend using the app whenever possible.  

How do I use MFA?

Once enrolled, look out for an authentication request on your device when you are logging in using your student username.
How often you have to authenticate will vary, depending on factors such as switching between browsers and devices.

When would I use the verification code that appears in the app? 

  • Sometimes it may not be possible to use the push notification; perhaps you have no Wi-Fi or phone signal but you need to log into a system.   In this case, you can use the one-time password code in the app, which is refreshed every 30 seconds and works even in airplane mode.   
  • When logging in to a UH system select ‘use a different verification option’

I have received an authentication request on my phone, but I am not logging into anything? 

  • Do not approve the request if you did not initiate it. You should select 'deny'.
  • If you are using the app, you may have to open the app in full in order to select this.
  • Please report any suspicious activity on your account to the Helpdesk immediately. 
  • Telephone +44 (0)1707 284678 (available 24/7) or email: helpdesk@herts.ac.uk (Monday to Friday 08:00 to 17:00, except when the University is closed)
  • Remember, you can change your password anytime by going to https://www.pss.herts.ac.uk

Can I use the app for MFA on my personal accounts? 

  • Yes, you can add your personal Microsoft account and other non-MS accounts such as Google or Facebook. 
  • Find out more on the Microsoft help pages.  

MS MFA enrolment instructions if you have not been enrolled automatically 

For the easiest enrolment experience we recommend you have the following available before you begin: 

  • your mobile phone (connected to a good data signal, Wi-Fi, or eduroam, if on campus)
  • a PC or tablet connected to the internet 

It is possible however to enrol in MFA using just a single smartphone with a Wi-Fi or data connection. 

Authentication via the Microsoft app on your smartphone is recommended. If you don’t have a smartphone, don’t worry, you can still use multi-factor authentication; see further down for non-smartphone setup instructions.

You do not have to use the Microsoft Authenticator app. Alternative authenticator apps, such as Google Authenticator or Duo, can be used for multi-factor authentication if you prefer, although we cannot provide support for these.

The following instructions are specifically for the Microsoft Authenticator app.
Set up is easy and once logged in just requires you to follow the on-screen instructions.

 On your PC / tablet go to https://mysignins.microsoft.com/security-info

(You can also sign in at https://mysignins.microsoft.com/security-info on your smartphone if that is all you have and follow the on-screen instruction to add your preferred authentication method) 

  1. If your university student account is not your default account, please log out first
    • It’s really important that you set this up on your UH Student Microsoft account as this will link it to your University username and password
  2. Log into your UH student account and remember to put @herts.ac.uk after your username
    • You will now see the 'my sign ins’ security info page


  3. Once signed in click on ‘add method’
    • Select ‘authenticator app’ from the drop-down list
    • and then ‘add’



  4. The next screen will ask you to install the Microsoft authenticator app
    • Leave this window open while you download the app to your smartphone.
    • If prompted allow notifications in the app

      Get the Microsoft authenticator app
  5. In the app, select ‘add an account’ and choose the one called ‘work or school’
    • Select the required app permissions such as ‘use camera,’ which you will need as part of the set-up process.  
    • You can change the camera app permission when set-up is complete.
    • Once you have downloaded the app click next on your computer.
  6. A QR code will be generated which you need to scan with your phone’s camera. 
    • If you can’t scan the image, you can enter the QR code and URL manually.
    • If the QR code times out, simply repeat.
    • Click next on your computer to get an ‘approve sign-in’ request sent to your phone to confirm it is all working.


  7. Confirm your sign-in on the authentication pop-up request that will appear on your phone, and you are now all signed up.  

  8. Within 24 hours you will now be asked to authenticate your login across a range of university systems.
    • Click on 'Azure Multi-Factor Authentication'.
    • Confirm on the app on your phone (you should see a pop-up).

Setting up Microsoft Multi-factor authentication (MFA) without a smartphone.

  1. On your PC / tablet go to https://mysignins.microsoft.com/security-info

  2. If your university student account is not your default account, please log out first
    • It’s really important that you set this up on your Student Microsoft account as this will link it to your university username and password.
  3. Log into your UH student account and remember to put @herts.ac.uk after your username
    • You will now see the ‘my sign ins’ security info page
  4. Once signed in click on ‘add method’
    • Select 'phone’ from the drop-down list
    • and then ‘add’
  5. Select your country code and enter your phone number

  6. Select text me a code or call me

  7. Enter the code sent to your phone number to confirm your MFA setup. 
    • On the security page, you can then set the default authentication method to either call or text
  8. Within 24 hours you will now be asked to authenticate your login across a range of University systems.
    • You should still be able to sign in during this time

Guidance for new students

  • All new students are automatically directed to enrol in Microsoft  Multi-factor Authentication (MS MFA) as part of their University account setup process. 
  • Please read below for more information about MS MFA, and how to get help and support.
  • Remember to enter your username in the format: username@herts.ac.uk (e.g. ab19cde@herts.ac.uk) 
  • Can't sign in to complete registration? 

If you are a new student, the following video, created by Microsoft, will give you a good idea of what MS MFA enrolment looks like in practice.

Video: Set up multi-factor authentication with a mobile device in Microsoft

For all students: We strongly recommend that you add at least one alternative authentication method and/or device if you can.  

  • Being able to authenticate on a second device will enable you to access your accounts if you lose or forget your primary mobile device or if you need to set up MFA on a new phone.  It's also a good idea to set up different authentication methods on the same phone so you can choose between the app, phone call, or SMS.  
  • Simply return to https://mysignins.microsoft.com/security-info, log in and follow the on-screen instructions to add a method.
  • You can also choose your default authentication method here, although we always recommend using the app whenever possible.  

Remember that you need to have your authentication device with you when logging in with your University username and password. 

  • If you have lost or forgotten your authentication method, please contact the Helpdesk.  
  • Call 01707 284678 or Email: helpdesk@herts.ac.uk

Top tips for MFA: 

  • Remember: You must have your authentication device with you in order to log in - so please don't leave it behind.
  • It may take up to 20 mins for accounts to synchronise following authentication device setup. 
  • If you can, use the app with notification as your default method.  
  • Try not to uninstall and then reinstall the app once you have it as this may prevent you from logging in to your account. 
  • No signal? Changed your sim card? Open the app and use the One Time Passcode (OTP) to authenticate.  
  • Register more than one authentication device and method (e.g. app and phone number)

FAQs (frequently asked questions and answers)

I am a returning student, do I need to set up MFA each year?

  • No, setting up MFA is a one-time action and is linked to your Herts user account that you use throughout your studies at Herts.
  • However, you should learn how to manage your settings and devices, for example, if you get a new smartphone. 

I have been enrolled in MFA, but I'm only waiting for exam results now. Do I still need to do anything?

  • Yes, enrolling in MFA will help protect your account from being compromised, regardless of whether you are actively logging in to anything.
  • Even if you are a final-year student you may need to check your OneDrive to move any documents you want to retain and you won’t be able to do this without MFA after your enrolment deadline.  Find out more about copying/moving files once you have completed your course.
  • You retain access to your student login account for 6 months after you complete your studies.

Can I opt out of MFA?  

Can I remove myself from multi-factor authentication once enrolled? 

  • No, you cannot opt-out.
  • Removing your authentication method will not un-enroll you, but will prevent you from logging into our systems, including O365 applications and StudyNet.  
  • If you have removed your authentication methods and can no longer log in, please contact the Helpdesk.

What happens if I remove the UH account from the app?  

  • This is not recommended unless you already have the phone/SMS authentication method set up as well. 
  • You won’t be able to log into any system or update the security settings on your Microsoft account as you will no longer have any means of authenticating. You will need to call the Helpdesk.   

Will this cost me anything?

  • Downloading and using the authenticator app is free and this is the main authentication method we recommend.   Get the app on Google Play or the App Store  
  • The University and Microsoft will not charge for calls or texts, but you may be subject to usage charges to receive calls or texts just like any other call or text according to your phone contract. 

I don't have a smartphone.

Using the app on a smartphone is the easiest option and we recommend this. 

  • If you do not have a suitable phone, you can also authenticate via text or phone call. 
  • If you cannot use the app, text (SMS), or phone call options please contact the Helpdesk. 

Can I use a hardware authentication device such as Yubikey?

  • Yes, you can use a hardware device such as a Yubikey.
  • Please be aware that our Helpdesk is unable to provide support for setting up hardware devices used for authentication.
  • Not all hardware devices will be compatible with Microsoft Azure MFA. 
  • To identify compatible Yubikeys and Yubikey MFA enrolment instructions please read this article from Yubikey

I am already using the Microsoft Authenticator app for another account – can I use the same app? 

  • Yes – just follow the ‘add account’ instructions in the app. 
  • The app can handle multiple accounts.   
  • Different organisations may implement it slightly differently so please follow the step-by-step instructions we have provided. 

I can't remember my student login username and/or password 

What do I do if I lose or forget my authentication device?

  • Please contact the Helpdesk on +44 (0)1707 284678 (available 24/7), or email helpdesk@herts.ac.uk
  • You will be asked to provide your username or student ID number.
  • Please be aware that Helpdesk staff will need to confirm your identity but they will never ask for your password. 
  • You may need to wait 15 minutes once Helpdesk has provided assistance before you are able to log in.

How do I make sure notifications don't continue to go to my lost device? 

  • Adding Authenticator to your new device doesn't automatically remove the app from your old device. Even deleting the app from your old device isn't enough. You must both delete the app from your old device AND tell Microsoft or your organization to forget and unregister the old device. 
  • Find out more on the Microsoft FAQ page 

How do I set up MS MFA on a new phone?

Please ensure you have first set up an alternative method of authentication such as landline, SMS, or another mobile. 

If you are able to,  keep the authenticator app active on your old phone while you set up the new one, as that can still be used as a method of authentication.

If your phone has been lost or stolen you will need to sign in using one of your alternative authentication methods, which you have set up. If you do not have an alternative method already enabled, please contact the Helpdesk.

  1. Download the Microsoft MFA app to your new phone. 
  2. On your PC / tablet go to https://mysignins.microsoft.com/security-info
  3. Enter your password and sign in (you will be prompted to authenticate on your current device at this point) 
  4. Click 'Add method'
  5. From the drop-down options select your required method and click Add
  6. Open the App, click Add account, then click Work or school Account
  7. Select the option to Scan a QR code. You may get a prompt asking you to give the authenticator app permission to access the Camera. Please allow access to the camera.
  8. Scan the QR code
  9. Approve the notification that will now be sent to the app on your phone.
  10. Click Next
  11. The app set-up is complete, and your multi-factor authentication method has been set up
  12. Delete the existing authentication methods linked to the old phone

I got a new device or restored my device from a backup. How do I set up my accounts in Authenticator again? 

Technical issues and troubleshooting

Troubleshooting - There are some common two-step verification problems that seem to happen more frequently than any of us would like. Microsoft has put together this article to describe fixes for the most common problems.

I am following the instructions to set up MFA but get an error message like this:

 MFA error message

We recommend opening up a different web browser (e.g. Firefox or Mozilla) and then logging into  https://mysignins.microsoft.com/security-info

Sometimes clearing your browser cache can help resolve a variety of issues.  Here are instructions on how to do this for some of the most commonly used browsers:  

Chrome browser

  • On your computer, open Chrome.
  • At the top right corner, click the 3 vertical dots
  • Click settings and then in the search bar at the top type "cache" - click clear browsing data
  • At the top, choose a time range.
  • Next to "Cookies and other site data" and "Cached images and files," check the boxes are ticked.
  • Click Clear data.
  • Restart Chrome

Safari browser

  • From the home screen, Select Settings > Safari.
  • At the bottom of Safari's settings screen, Select Clear cookies and data or Clear Cookies and Clear Cache.
  • Confirm when prompted.
  • Restart Safari

Edge browser

  • Open Microsoft Edge, select Menu (3 dots icon on top right corner of the browser) > Settings > Privacy, search & services.
  • Under Clear browsing data, select Choose what to clear.
  • Select "Cached images and files" and "Cookies and other site data" check box and then select Clear.
  • Restart Edge

IE (Internet Explorer) browser 

  • Click on the cog icon in the top right hand corner
  • Click Internet Options
  • Under Browsing history, Select Delete
  • In the window that opens, check the Temporary Internet Files & cookies and website data and press the delete button at the bottom.
  • Restart IE

I have made several attempts to log in to my MFA account after setting it up but failed

  • Please contact the Helpdesk: Telephone:  +44 (0)1707 284678  or email: helpdesk@herts.ac.uk 

I have set up MFA but I am not receiving any SMS, calls, or push notifications when authenticating 

  • The most likely explanation is that you have changed your sim card (and telephone number), or perhaps you have lost your signal, Wi-Fi, or data connection.    
  • As long as you have previously set up the MS Authenticator app on your mobile phone you can use the One Time Passcode function. 
    This will continue to work even with no sim card or in airplane mode!  

When logging in to a University system and being asked to authenticate:

  1. Select Use a different verification option and then select Use verification code from mobile app 
  2. Open the MS MFA app on your phone, select your University of Hertfordshire account
  3. You will see a 6 digit One-time password code, which refreshes every 30 seconds
  4. Enter this on your log-in screen to complete authentication.

We recommend that if you use more than one sim card you register both for authentication, especially if you are an international student, travelling and studying both inside and outside the UK.   Go to https://mysignins.microsoft.com/security-info, log in and follow the on-screen instructions to 'add method'.  

I don’t see any notifications when the app is closed 

  • You may need to check your app and phone settings. 
  • Find out more on the Microsoft FAQ page. 

Will MFA affect external invitees' access to Zoom or Teams calls?

  • No. The MFA requirement relates to the UH user account, which external Zoom or Teams meeting invitees do not have.  

I am getting an error message when signing into Canvas

You may occasionally get a log-in failure when going to Canvas directly from a web browser via a bookmark.
This is a cache issue and is usually resolved by opening up Canvas in another browser or in incognito mode. 
 

NHS laptops and working in secure locations   

We are aware that NHS laptops may restrict your ability to manage your MFA devices and authenticate. 
If you are a student using a work computer (e.g. NHS) that restricts your web browser access you may need to log into a different device to set up your authentication methods.
  • Once set up you will be able to authenticate on the work computer you normally use.  
  • The LRCs are open 24/7 if you wish to come onto campus to use a PC. 

If you are working in a secure location where mobile phone access is restricted and are unable to authenticate please get in touch with the Helpdesk to discuss other options.  

I am a new student and I can't log in to complete registration.

  • You will initially need to log in using the username and one-time password we provided.
  • If you can't remember your details please contact the Helpdesk.
  • You can change or recover your University password online at  https://www.pss.herts.ac.uk/ 
  • You will not be able to log in further until you have set up your additional account authentication method, if you are unable to do this please contact the Helpdesk.  
  • If you have successfully logged in and set up your authentication method, but are still unable to complete registration please contact ask@herts.ac.uk and include a screenshot of your issue if possible. 

Setting up and using MFA outside the UK

Q: Is the Microsoft Authenticator app for Android available for download in China?

Q: Can I use MFA if I live or travel abroad?

Yes - please read these guidance notes.

The Microsoft Authenticator app is designed to work internationally. If you install the app, it can generate the required code without the need for either a telephone signal or data plan, and it can do this anywhere in the world.

If you have a signal and data plan, the app makes two-factor authentication as easy as pushing a single button, but if you don’t have one of those two things, you can use the app to generate a six-digit code and enter that manually.

  • You should check whether your MFA method is dependent on phone or internet signal and make other arrangements if necessary.
  • To make sure you don’t lose access to your account after making your journey, you will need to set up at least one way of getting into your account that doesn’t rely on a phone signal.
  • Once you have arrived you can log into https://mysignins.microsoft.com/security-info and add any further methods you’d like to use such as a local mobile or landline phone. The main method of authenticating your sign-in without a phone signal or internet connection is the authenticator app. 
  • Authenticator apps can create time-based one-time passwords (TOTPs) that you can use to verify your account without needing access to the internet or a mobile network. Once you have set up your app you can use a six-digit code to log in without incurring any charges for using your phone abroad.
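
Why the six-digit code works with no signal, as an added example (not the University's or Microsoft's code): the phone and the server each derive the code from a shared secret and the current time, so nothing needs to be transmitted to the phone. The sketch assumes the RFC 6238 defaults (HMAC-SHA-1, 30-second step, six digits); the secret is the RFC's published test value, and the one-step drift tolerance in `verify` is an illustrative assumption.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

STEP_SECONDS = 30  # the page says the code refreshes every 30 seconds
DIGITS = 6         # the page says the code has six digits

# Constructed sample: the RFC 6238 test secret, never a real enrolment secret.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC the 8-byte counter, then truncate to `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: Optional[float] = None) -> str:
    """RFC 6238: the counter is simply the number of 30-second steps so far."""
    now = time.time() if at is None else at
    return hotp(secret, int(now) // STEP_SECONDS)


def verify(secret: bytes, submitted: str, at: Optional[float] = None,
           window: int = 1) -> bool:
    """Server-side check that tolerates +/- `window` steps of clock drift."""
    if len(submitted) != DIGITS or not (submitted.isascii() and submitted.isdigit()):
        return False
    now = time.time() if at is None else at
    counter = int(now) // STEP_SECONDS
    matched = False
    for drift in range(-window, window + 1):
        step = counter + drift
        if step < 0:
            continue
        # Constant-time comparison; check every step to avoid early exit.
        if hmac.compare_digest(hotp(secret, step), submitted):
            matched = True
    return matched


if __name__ == "__main__":
    code = totp(SECRET)
    remaining = STEP_SECONDS - int(time.time()) % STEP_SECONDS
    print(f"current code {code}, refreshes in {remaining}s")
    print("accepted by server:", verify(SECRET, code))
```

Because the code depends on the device clock, a phone whose time is badly wrong will produce codes the server rejects even though the app appears to work.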

If you are unable to authenticate after travelling to or from the UK, please contact the Helpdesk for further support.  

Q: I am an international student, do I need a phone with a UK sim card to use MFA?

  • No, you don't need a UK sim card, although you will probably want to get one anyway once you arrive in the UK.
  • You can set up and use MFA in your home country and use your regular mobile device (with your local sim card) as your authentication method.
  • We recommend setting up the  Microsoft Authenticator app as one of your authentication methods as this will work wherever you are in the world, with or without a signal or data plan.
  • Once you travel to the UK you can continue to use the authenticator app, but we do recommend you get a UK sim card so you can set up an alternative authentication method such as SMS.
  • Once you have arrived you can log into My Sign Ins and add any further methods you’d like to use such as a local mobile or landline phone
  • We also recommend you get connected to free on-campus Wi-Fi once you arrive at the University. 

Q: I am an international student studying at an overseas campus/college - do I need to enrol in MFA? 

  • Yes. If you have a University of Hertfordshire student log-in account you will need to enrol in MFA.
  • We recommend using the Microsoft Authentication app on your smartphone as your authentication method

MFA and computer-based exams and assessments

  • You will be allowed to use an MFA device before the exam starts so you can successfully log in to any systems or software required for the exam.
  • Your authentication device (typically your mobile phone) must then be switched off and put away as instructed by the invigilator in accordance with the requirements for each exam session.
  • Please note that the arrangements may vary between exams.
  • If you have any issues with MFA before the exam or you have lost/forgotten your phone please contact the Helpdesk as soon as possible.  Telephone:  +44 (0)1707 284678 or  email: helpdesk@herts.ac.uk . 
  • For more detailed information please read: MFA and computer-based exam guidance for staff and students

Help and support

Find out more about the MS Authenticator app directly from Microsoft

Contact the Library and Computing Services Helpdesk 

  • Online:  https://helpdesk.herts.ac.uk/login  
  • Telephone:  +44 (0)1707 284678  
  • Email: helpdesk@herts.ac.uk 

Find out more, including information about permissions and data: Microsoft Authenticator app FAQs  

Contact Us

Helpdesk - Library and Computing Services

Please refer to the LCS Service Status page for updates on service availability. https://status.herts.ac.uk. Online and telephone support is available 08:00 to 18:00 Monday - Friday with telephone support only available outside of these times