Multi Factor Authentication
In response to increased threats to the University's data and network, the Information Security Steering Group have approved the introduction of Multi Factor Authentication for staff accounts.
How does MFA work?
If you use mobile banking you will most likely have come across Multi-Factor Authentication already.
In addition to needing your password for access, MFA attaches an extra layer of security to your account by requesting a secondary action to allow your login. This makes it significantly more difficult for any unauthorised attempts to access your account and data.
This extra login step, called your Second Factor, is carried out using a mobile or smartphone and can be configured in the following ways:
- A notification received through the Microsoft Authenticator app, prompting you to enter a 2-digit number shown on screen. This is the most secure and convenient method and is recommended by IT.
- A text message to your phone, containing a 6 digit code. This option is intended for those without a device capable of installing the Authenticator app.
- Entering a 6-digit code from within your MFA app, known as an OATH code.
How do I set up and use MFA?
Every account must be secured with MFA. In order to access Horizon, Office 365, and other QMU applications remotely (away from campus) from any device, you will need to set up Multi-Factor Authentication. You don't need to be on campus to set it up, and the process takes around 5 minutes start to finish.
Please use the following guide to configure MFA on your account. It is mandatory to keep your account secure.
ITS recommend using the Microsoft Authenticator method, as it is the fastest and most secure method.
Please follow this guide to setup alerts from the Authenticator App (opens in a new tab).
If you cannot use the authenticator method, for example, you are using an older smartphone or lack storage space to install the app, please use the SMS (text message) approval method instead. Please keep in mind that this is dependent on your mobile phone signal and is less effective than the app.
Once you have your MFA setup completed, you will be alerted in real time if there is an attempt to access your account. It is imperative that you only approve access when you are aware of the login. Should you receive an out-of-the-blue request to grant access, contact the Helpdesk (helpdesk@qmu.ac.uk) immediately and have your password changed.
What if I change my phone?
If you change your mobile phone or mobile number, please follow the steps laid out in the below guide.
How do I change my MFA device or number (opens in a new tab)