Skip to main content

Multi-factor Authentication (MFA)

Cyber security: Find out what action you need to take to protect your University login account

Students are now being enrolled in MFA

  • Multi-factor Authentication (MFA) will be required on all student login accounts by 1 August 2022 at the latest.
  • Most students will be contacted before 01 August to set up MFA.  Please look out for email messages from us and take action to retain access to your account
  • Students commencing studies from Jan 2022 are enrolled automatically.
  • MFA helps to protect student accounts and our University from cyber criminals 

Get the Microsoft Multi-factor Authentication app 

We urge all students to set up multi-factor authentication (MFA) without delay

Please view this video and find out how to set up MFA on your University user account.   

MFA enrolment overview diagram:

MFA set up process diagram

MFA, which requires that users authenticate with at least two factors, can reduce the risk of identity compromise by as much as 99.9 percent over passwords alone. Source: Microsoft

What is Multi-factor authentication (MFA)?

  • Multi-factor authentication (MFA) adds another layer of security to your online accounts by verifying your identity using a second factor and prevents anyone but you from logging in, even if they know your password.  
  • The second factor could be a push notification sent to an app on your phone or a code sent by SMS or a phone call. 
  • At the University of Hertfordshire, we are using Microsoft’s Azure AD Multi-factor Authentication (MS MFA) facility and supporting the use of the Microsoft Authenticator app for student accounts. 
  • For the best user experience, we recommend using the push notification on the Microsoft authenticator app. 
  • Find out more about the Microsoft Authenticator App

Who needs to enrol in MS MFA? 

  • All University of Hertfordshire students. 
  • Staff and PGR students who are already enrolled on Duo MFA may additionally enrol in MS MFA if they wish, but it is not necessary, and should not delete their Duo MFA authentication method.

Why do I need to enrol in MS MFA?

  • To help protect your University user account and your data.
  • To help protect our University from the actions of cyber criminals. 

When do I need to do it? 

  • The sooner you enrol your student account in MS MFA the sooner you get increased protection on your login credentials and your data.
  • We have made this easy for new students, who from January 2022,  are directed to set up MS MFA as part of their account creation process.   
  • Any student with circumstances that prevent them from enrolling, for example relating to accessibility issues,  should contact the Helpdesk.  
  • All students will be contacted before 01 August with their School's enrolment date, but you don't need to wait to enrol. 

The following instructions are for students who started their studies before January 2022 and who do not already have MFA set up.

MS MFA enrolment instructions for students (pre 2022) 

For the easiest enrolment experience we recommend you have the following available before you begin: 

  • your mobile phone (connected to a good data signal, WiFi, or eduoram, if on campus)
  • a PC or tablet connected to the internet 

It is possible however to enrol in MFA using just a single smartphone with a Wi-Fi or data connection. 

Authentication via the Microsoft app on your smartphone is recommended. If you don’t have a smartphone, don’t worry, you can still use multi-factor authentication; see further down for non-smartphone setup instructions.

You do not have to use the Microsoft Authenticator App and alternative authenticator apps, such as Google Authenticator or Duo can be used for multi-factor authentication if you prefer, although we cannot provide support for these.

The following instructions are specifically for the Microsoft Authenticator app.
Set up is easy and once logged in just requires you to follow the on-screen instructions.

 On your PC / tablet go to

(You can also sign in at on your smartphone if that is all you have and follow the on-screen instruction to add your preferred authentication method) 

  1. If your university student account is not your default account, please log out first
    • It’s really important that you set this up on your UH Student Microsoft account as this will link it to your University username and password
  2. Log into your UH student account and remember to put after your username
    • You will now see the 'my sign ins’ security info page

      my sign ins screen shot

  3. Once signed in click on ‘add method’
    • Select ‘authenticator app’ from the drop-down list
    • and then ‘add

      Add authentication method drop down list

  4. The next screen will ask you to install the Microsoft authenticator app
    • Leave this window open while you download the app to your smartphone.
    • If prompted allow notifications in the app

      Get the Microsoft authenticator app
  5. In the app, select ‘add an account’ and choose the one called ‘work or school’
    • Select the required app permissions such as ‘use camera,’ which you will need as part of the set-up process.  
    • You can change the cameral app permission when set up is complete.
    • Once you have downloaded the app click next on your computer.
  6. A QR code will be generated which you need to scan with your phone’s camera. 
    • If you can’t scan the image, you can enter the QR code and URL manually.
    • If the QR code times out, simply repeat.
    • Click next on your computer to get an ‘approve sign-in request sent to your phone to confirm it is all working.  

      QR code screen shot

  7. Confirm your sign-in on the authentication pop-up request that will appear on your phone, and you are now all signed up.  

  8. Within 24 hours you will now be asked to authenticate your login across a range of university systems.
    • Click on 'Azure Multi-Factor Authentication'.
    • Confirm on the app on your phone (you should see a pop-up).

Setting up Microsoft Multi-factor authentication (MFA) without a smartphone.

  1. On your PC / tablet go to

  2. If your university student account is not your default account, please log out first
    • It’s really important that you set this up on your Student Microsoft account as this will link it to your university username and password.
  3. Log into your UH student account and remember to put after your username
    • You will now see the ‘my sign ins’ security info page
  4. Once signed in click on ‘add method’
    • Select 'phone’ from the drop-down list
    • and then ‘add
  5. Select your country code and enter your phone number

  6. Select text me a code or call me

  7. Enter the code sent to your phone number to confirm your MFA setup. 
    • On the security page, you can then set the default authentication method to either call or text
  8. Within 24 hours you will now be asked to authenticate your login across a range of University systems.
    • You should still be able to sign in during this time

Guidance for new students from January 2022

  • New students, starting their studies from January 2022 onwards, are automatically directed to enrol in Microsoft  Multi-factor Authentication (MS MFA) as part of their University account setup process. 
  • Please read below for more information about MS MFA, and how to get help and support.
  • Remember to enter your username in the format: (e.g. 
  • Can't sign in to complete registration? 

If you are a new student, the following video, created by Microsoft, will give you a good idea of what MS MFA enrolment looks like in practice.

Video: Set up multi-factor authentication with a mobile device in Microsoft

For all students: We strongly recommend that you add at least one alternative authentication method and/or device if you can.  

  • Being able to authenticate on a second device will enable you to access your accounts if you lose or forget your primary mobile device or if you need to set up MFA on a new phone.  It's also a good idea to set up different authentication methods on the same phone so you can choose between the app, phone call, or SMS.  
  • Simply return to, log in and follow the on-screen instructions to add method.  
  • You can also choose your default authentication method here, although we always recommend using the app whenever possible.  

Remember that you need to have your authentication device with you when logging in with your University username and password. 

  • If you have lost or forgotten your authentication method, please contact the Helpdesk.  
  • Call 01707 284678 or Email:

Top tips for MFA: 

Remember: You must have your authentication device with you in order to log in - so please don't leave it behind.

Signing up is quick and easy, but choose a time that is convenient for you.
However, if you do not set up MFA  on your student login account before your School's enrolment deadline please be aware that it can take up to 20 mins for your accounts to synchonise.

If you can, use the app with notification as your default method.  

Try not to uninstall and then reinstall the app once you have it as this may prevent you from logging in to your account. 

No signal? Changed your sim card? Open the app and use the One Time Passcode (OTP) to authenticate.  

Register more than one authentication device and method (e.g. app and phone number)

FAQs (frequently asked questions and answers)

Most common user query this month: Why have I been asked to set up MFA before my friend on another course?

A: There could be a number of reasons: 

  • Certain user accounts need more protection than others, for example, if you regularly use the Virtual Private Network (VPN).
  • Your  School of study is being enrolled earlier than other schools
  •  We may require you to set up MFA early where your account has been previously blocked. 
  • All students will eventually have MFA and early enrolment means you will benefit from greater protection sooner. 

I have been given my deadline to enrol in MFA, but I'm only waiting for exam results now. Do I still need to do it?

  • Yes,  enroling in MFA will help protect your account from being compromised, regardless of whether you are actively logging in to anything.
  • Even if you are a final year student you may need to check your OneDrive to move any documents you want to retain and you won’t be able to do this without MFA after your enrolment deadline.  Find out more about copying/moving files once you have completed your course.
  • You retain access to your student login account for 6 months after you complete your studies.

Can I opt-out of MFA?  

No, you cannot choose to opt-out of enrolling in MFA once you have been given your enrolment deadline.  

What happens if I don't enrol in MFA by the deadline I have been given?
We will email you about your specific deadline, but you can sign up at any time before then.

  • Please don't delay your MFA enrolment until you need to access a system. 
  • If you leave enrolment until the deadline you may not be able to log in when you need to; that is why we strongly recommend enrolling before the deadline. It also means you can do it at a time when you don't need to access systems for exams or assignment submissions. 
  • Giving yourself time to read and follow the instructions will make it much more likely you won't run into any issues.   

Can I remove myself from multi-factor authentication once enrolled? 

  • No, once you set up your authentication method our systems will automatically apply MFA rules to your student log-in account.
  • Removing your authentication method will not un-enroll you, but will prevent you from logging into our systems, including O365 applications and StudyNet.  
  • If you have removed your authentication methods and can no longer log in, please contact the Helpdesk.

MFA on blocked student accounts

  • Your student login account may have been blocked (or locked) for a variety of reasons
  • As soon as your account is blocked the MFA requirement will be triggered automatically and you will need to enrol in MFA as soon as your account is made active again. 
  • You will be unable to access a range of systems until MFA is set up.
  • If you are unable to set up MFA and you have time-critical assignment submissions or computer-based exams due, please contact the Helpdesk (available 24/7).    

What happens if I remove the UH account from the app?  

  • This is not recommended unless you already have the phone/SMS authentication method set up as well. 
  • You won’t be able to log into any system or update the security settings on your Microsoft account as you will no longer have any means of authenticating. You will need to call the Helpdesk.   

Will this cost me anything?

Downloading and using the authenticator app is free and this is the main authentication method we recommend.   Get the app on Google Play or the App Store  

The University and Microsoft will not charge for calls or texts, but you may be subject to usage charges to receive calls or texts just like any other call or text according to your phone contract. 

I don't have a smartphone, or access to a PC

I don’t have a smartphone. Can I still use it? 

Using the app on a smartphone is the easiest option and we recommend this. 

  • If you do not have a suitable phone, you can also authenticate via text or phone call. 
  • If you cannot use the app, text (SMS), or phone call options please contact the Helpdesk. 

Do I have to pay for texts and calls if I can’t use the app? 

  • No SMS or call charges are made by Microsoft or UH, but you might be charged for the phone calls or text messages you receive, according to your personal phone service. 

Can I use a hardware authentication device such as Yubikey?

  • Yes, you can use a hardware device such as a Yubikey.
  • Please be aware that our Helpdesk is unable to provide support for setting up hardware devices used for authentication.
  • Not all hardware devices will be compatible with Microsoft Azure MFA. 
  • To identify compatible Yubikeys and Yubikey MFA enrolment instructions please read this article from Yubikey

I don't have access to a PC or tablet can I still enrol in MS MFA?

  • Yes, you can, although it is easier if you are able to log into another device than the one you are using as your authentication method.
  • You will need to have a smartphone with a wi-fi or data connection.
  • Sign in at on your phone then follow the on-screen instructions to set up your authentication method.
  • You can use the Authenticator App or SMS/Phone call as your authentication method. 
  • If you get a time out or error message please retry. 

How do I set up MFA for the first time?

All you need to know is on this page and our top tip is to watch the video first

Please note that if you are a student using a work computer (e.g. NHS) that restricts your web browser access you may need to complete the initial  MFA setup using a different device.

  • Once set up you will be able to authenticate on the work computer you normally use.  
  • The LRCs are open 24/7 if you wish to come onto campus to use a PC. 

I am already using the Microsoft Authenticator app for another account – can I use the same app? 

  • Yes – just follow the ‘add account’ instructions in the app. 

I have already set up MS MFA on my University Microsoft account. What do I do next? 

  • If you have already downloaded the MS Authenticator and recorded your authentication device(s) on your University Microsoft account then you don't need to do anything else. 
  • But do remember to keep your authentication methods up to date (e.g. if you get a new phone) and make sure you can access your device whenever you may need to sign into our systems.

I already use the app at another institution will this be a problem? 

  • No, it shouldn’t be a problem as the app can handle multiple accounts.   
  • Different organisations may implement it slightly differently so please follow the step-by-step instructions we have provided. 

Can I use a different authentication app? 

  • We are not supporting other apps for authenticating your University of Hertfordshire account.  

I can't remember my student login username and/or password 

How do I manage my MFA devices and methods?

  • Simply return to, log in and follow the on-screen instructions to add method.  
  • You can also choose your default authentication method here, although we always recommend using the app whenever possible.  

How do I use MFA?

Once enrolled lookout for an authentication request on your device when you are logging in using your student username.
How often you have to authenticate will vary and is dependent on factors such as switching between browsers and devices.   

When would I use the verification code that appears in the app? 

  • Sometimes it may not be possible to use the push notification; perhaps you have no Wi-Fi or phone signal but you need to log into a system.   In this case, you can use the one-time password code in the app, which is refreshed every 30 seconds and works even in airplane mode.   
  • When logging in to a UH system select ‘use a different verification option’

I have received an authentication request on my phone, but I am not logging into anything? 

  • Do not approve the request if you did not initiate it.  You should select 'deny' the request.
  • If you are using the app, you may have to open the app in full in order to select this.
  • Please report any suspicious activity on your account to the Helpdesk immediately. 
  • Telephone +44 (0)1707 284678 (available 24/7) or email: (Monday to Friday 08:00 to 17:00, except when the University is closed)
  • Remember, you can change your password anytime by going to

Can I use the app for MFA on my personal accounts? 

  • Yes, you can add your personal Microsoft account and other non-MS accounts such as Google or Facebook. 
  • Find out more on the Microsoft help pages.  

What do I do if I lose or forget my device or want to switch to a new device?

I have forgotten or lost my authentication device and I can't log in.

  • Please contact that Helpdesk on +44 (0)1707 284678 (available 24/7), or email
  • You will be asked to provide your username or student ID number.
  • Please be aware that Helpdesk staff will need to confirm your identity but they will never ask for your password. 
  • You may need to wait 15 minutes once Helpdesk has provided assistance before you are able to log in.

I got a new device or restored my device from a backup. How do I set up my accounts in Authenticator again? 

I lost my device or moved on to a new device. How do I make sure notifications don't continue to go to my old device? 

  • Adding Authenticator to your new device doesn't automatically remove the app from your old device. Even deleting the app from your old device isn't enough. You must both delete the app from your old device AND tell Microsoft or your organization to forget and unregister the old device. 
  • Find out more on the Microsoft FAQ page 

Technical issues and troubleshooting

Troubleshooting - There are some common two-step verification problems that seem to happen more frequently than any of us would like. Microsoft has put together this article to describe fixes for the most common problems.

I am following the instructions to set up MFA but get an error message like this:

 MFA error message

We recommend opening up a different web browser (e.g. Firefox or Mozilla) and then logging into


I have made several attempts to login into my MFA account after setting it up but failed

  • Please contact the Helpdesk: Telephone:  +44 (0)1707 284678  or email: 

I have set up MFA but I am not receiving any SMS, calls, or push notifications when authenticating 

  • The most likely explanation is that you have changed your sim card (and telephone number), or perhaps you have lost your signal, Wi-Fi, or data connection.    
  • As long as you have previously set up the MS Authenticator app on your mobile phone you can use the One Time Passcode function. 
    This will continue to work even with no sim card or in airplane mode!  

When logging in to a University system and being asked to authenticate:

  1. Select Use a different verification option and then select Use verification code from mobile app 
  2. Open the MS MFA app on your phone, select your University of Hertfordshire account
  3. You will see a 6 digit One-time password code, which refreshes every 30 seconds
  4. Enter this on your log-in screen to complete authentication.

We recommend that if you use more than one sim card you register both for authentication, especially if you are an international student, travelling and studying both inside and outside the UK.   Go to, log in and follow the on-screen instructions to 'add method'.  

I don’t see any notifications when the app is closed 

  • You may need to check your app and phone settings. 
  • Find out more on the Microsoft FAQ page. 

Will MFA affect external invitees' access to Zoom or Teams calls?

  • No. The MFA requirement relates to the UH user account, which external Zoom or Teams meeting invitees do not have.  

I am a new student and I can't log in to complete registration.

  • You will initially need to log in using the username and one-time password we provided.
  • If you can't remember your details please contact the Helpdesk.
  • You can change or recover your University password online at 
  • You will not be able to log in further until you have set up your additional account authentication method, if you are unable to do this please contact the Helpdesk.  
  • If you have successfully logged in and set up your authentication method, but are still unable to complete registration please contact and include a screenshot of your issue if possible. 

Setting up and using MFA outside the UK

 Q: Is the Microsoft Authenticator app for Android available for download in China. 

Q: Can I use MFA if I live or travel abroad?

Yes - please read these guidance notes.

The Microsoft Authenticator app is designed to work internationally. If you install the app, it can generate the required code without the need for either a telephone signal or data plan, and it can do this anywhere in the world.

If you have a signal and data plan, the app makes two-factor authentication as easy as pushing a single button, but if you don’t have one of those two things, you can use the app to generate a six-digit code and enter that manually.

  • You should check whether your MFA method is dependent on phone or internet signal and make other arrangements if necessary.
  • To make sure you don’t lose access to your account after making your journey, you will need to set up at least one way of getting into your account that doesn’t rely on a phone signal.
  • Once you have arrived you can log into and add any further methods you’d like to use such as a local mobile or landline phone. The main method of authenticating your sign-in without a phone signal or internet connection is the authenticator app. 
  • Authenticator apps can create time-based one-time passwords (TOTPs) that you can use to verify your account without needing access to the internet or a mobile network. Once you have set up your app you can use a six-digit code to log in without incurring any charges for using your phone abroad.

If you are unable to authenticate after travelling to or from the UK, please contact the Helpdesk for further support.  

Q: I am an international student, do I need a phone with a UK sim card to use MFA?

  • No, you don't need a UK sim card, although will probably want to get one anyway once you arrive in the UK.
  • You can set up and use MFA in your home country and use your regular mobile device (with your local sim card) as your authentication method.
  • We recommend setting up the  Microsoft Authenticator app as one of your authentication methods as this will work wherever you are in the world, with or without a signal or data plan.
  • Once you travel to the UK you can continue to use the authenticator app, but we do recommend you get a UK sim card so you can set up an alternative authentication method such as SMS.
  • Once you have arrived you can log into My Sign Ins and add any further methods you’d like to use such as a local mobile or landline phone
  • We also recommend you get connected to free on-campus Wi-Fi once you arrive at the University. 

MFA and computer-based exams and assessments

  • You will be allowed to use an MFA device before the exam starts so you can successfully log in to any systems or software required for the exam.
  • Your authentication device (typically your mobile phone) must then be switched off and put away as instructed by the invigilator in accordance with the requirements for each exam session.
  • Please note that the arrangements may vary between exams.
  • If you have any issues with MFA before the exam or you have lost/forgotten your phone please contact the Helpdesk as soon as possible.  Telephone:  +44 (0)1707 284678 or  email: . 
  • For more detailed information please read: MFA and computer-based exam guidance for staff and students

Help and support

Find out more about the MS Authenticator app directly from Microsoft

Contact the Library and Computing Services Helpdesk 

  • Online:  
  • Telephone:  +44 (0)1707 284678  
  • Email: 

Find out more, including information about permissions and data: Microsoft Authenticator app FAQs  

Contact Us

Helpdesk - Library and Computing Services

Library and Computing Services

Today - Open 24 Hours
Please refer to the LCS Service Status page for updates on service availability. Online and telephone support is available 08:00 to 17:00 Monday - Friday with telephone support only available outside of these times