Multi-factor authentication (MFA)

All University members must set up multi-factor authentication (MFA) on their University account. You will need to set up MFA the first time you use your University username and password to log in to a University service

Multi-factor authentication (MFA) is an additional layer of security for online accounts. 

MFA helps protect your personal and financial information. Using MFA reduces the risk of someone gaining access to your account even if they find out your username and password, for example through a cyber attack or scam. Microsoft research suggests MFA can reduce such attacks by as much as 99.9%.  

MFA is a condition of the policies you agreed to when you signed the Student Agreement (students) or the general terms and conditions of employment (staff).

On this page:

• How to set up MFA
• Set up MFA using an authenticator app (recommended)
• Set up MFA without a smartphone
• Set up MFA using a security key
• Set up a second MFA method
• If you need to travel
• If you get a new phone or device
• Help and support

How to set up MFA

Set up MFA on your University account

MFA enrolment overview diagram

Set up MFA (video)

Set up MFA using an authenticator app (recommended)

You'll be prompted to set up MFA the first time you try to log in to a University service.

For the best experience, we recommend you use the Microsoft Authenticator app. You can use the Microsoft Authenticator app when travelling, even if you change your SIM or do not have data roaming switched on. If you prefer to use another authenticator app, you can, but please be aware that IT Services may be unable to provide support for another app.

You will need: 

• Your mobile phone (connected to a good data signal, wifi, or Eduroam, if you are on campus)
• A PC or tablet connected to the internet. If you are a staff member or postgraduate research student, you must use your University laptop or computer.
• If you are an undergraduate student or a postgraduate taught student, it is possible to set up MFA using just a single smartphone with a wifi or data connection. 

The following instructions are for the Microsoft Authenticator app.

1. The first time you use your University username and password to try to access a University service, you will reach a screen saying 'More information required. Your organisation needs more information to keep your account secure'. We recommend you do this on your PC or tablet using a browser.
   

   

2. Log into your University of Bristol account using your username and password. Your username should include @bristol.ac.uk, for example, ab99456@bristol.ac.uk.

    

   ‌

3. Once signed in, you will see a message that says 'start by getting the app'. We recommend you use the Microsoft Authenticator app.
   • Leave this window open while you download the app to your smartphone.
   • On your smartphone, download and install the 'Microsoft Authenticator' app from Google Play or the App Store depending on your device. 
   • If prompted allow notifications in the app.
   • Once you have downloaded the app on your phone, click 'next' on your computer.
   • If you do not have a smartphone, please click 'I want to set up a different method" at the bottom of the message, and follow the instructions below to set up MFA without a smartphone. 

5. In the app, select ‘add an account’ and choose the option ‘work or school’.   

• Select the required app permissions such as ‘use camera’, which you will need as part of the set-up process.
• You can change the camera app permission when set up is complete.
• Once you have downloaded the app, click 'next' on your computer.

6. In your browser, a QR code will be generated which you need to scan using the camera on your phone.

• If you can’t scan the image, you can manually enter the QR code and URL. If the QR code times out, simply repeat.
• Click next on your computer.  

7. Next, you need to try out the app. In the app on your phone, type the number shown on your computer screen or other device and click 'yes' to confirm sign in.

Important note: if you ever receive a prompt from the Authenticator app that does not match your attempts to log in to or use a University service, you must click 'no, it's not me' to block the attempt. Unexpected requests or prompts when you are not using a University service could indicate that another person is trying to access your account. If this happens, please change your University password immediately and contact IT Services.

8. You are now signed up to use MFA!

Within 24 hours, you will start to be asked to authenticate when you sign into various University services. You will still be able to sign in during this time.

Set up MFA without a smartphone

1. The first time you use your University username and password to try to access a University service, you will reach a screen saying 'More information required. Your organisation needs more information to keep your account secure'. 

    

   Log into your University of Bristol account using your username and password. Your username should include @bristol.ac.uk, for example, ab99456@bristol.ac.uk.
2. Once signed in, you will see a message that says 'start by getting the app'. Please click 'I want to set up a different method' at the bottom of the message.
3. Select 'phone’ from the drop-down list, and then 'add'.
4. Select your country code and enter your phone number. Select 'text me a code' or 'call me'. Please leave out the initial '0' when entering your phone number (for example, enter 7912345678 for a UK number).
5. Enter the code sent to your phone number to confirm your MFA setup.
6. On the security page, you can then set the default authentication method to either phone call or text (SMS).
7. Within 24 hours you will be asked to authenticate your login across a range of University services. You should still be able to sign in during this time.

Microsoft's video shows what the MFA set-up looks like in practice: Video: Set up multi-factor authentication with a mobile device in Microsoft.

Set up MFA using a security key

You can also use a USB security key (YubiKey) as an MFA method.

Students and staff can collect a security key from the IT Counter. You must show your student or staff ID card (UCard) to collect a security key. 

You can also buy your own USB security key. This must be a Yubico Security Key C NFC.

Note: To add a security key, you must have set up another MFA method.

Set up a second MFA method

You may temporarily lose access to some University services if you:

• Forget the phone or device you use for MFA
• Lose or break the phone (or other device) you use
• Get a new phone (or device) and fail to set up MFA on the new device correctly
• Travel away from the UK and have text message (SMS) or phone call authentication set up as your main authentication method. Text messages are unreliable, particularly when you are travelling.

To reduce the risk of this happening, we recommend that you add a second authentication method, preferably one you can access using a different device.

To set up a second method, log into the Microsoft Security Information page, click "Add sign-in method" and follow the steps on-screen.

If you have more than one device

If you have more than one device (for example a smartphone and a tablet or laptop), we recommend you also install the Microsoft Authenticator app on your second device. Log into the Microsoft Security Information page on your main device, click "Add sign-in method" and follow the steps on-screen to set up the second device.    

If you do not have a second device

If you do not have a second device, we still recommend you add a second authentication method. Log into the Microsoft Security Information page, click "Add sign-in method," and follow the steps on-screen.   

If you need to travel

If you travel and need to access University services, please use an authenticator app as your default sign-in method. Log into the Microsoft Security Information page, and make sure the "Default sign-in method" is the authenticator app. Text messages and phone calls can be unreliable when you travel.

You can obtain a one-time code in the app if you do not have data while travelling. Simply open the app and click “University of Bristol” to see the one-time code.

Remember to take your MFA device with you when you travel.

If you get a new phone or device

If you have a new phone, please follow the instructions to set up MFA on the new device.

Help and support

We have advice about using MFA, including how to sign in with MFA, and how to set MFA up on a new phone.

If you need more support, please contact IT Services by phoning 0117 428 2100 (available 24 hours), visiting the IT Counter or raising a ticket using the IT self-service site (requires log-in). 

Form for students to report problems with accessing their UoB account when overseas

This form is for students at the University of Bristol who are currently overseas and need to report an access problem that prevents them from using the self-service site or calling the IT Service Desk. If you are able to use the self-service site or call the Service Desk, please use those methods; otherwise, complete the form.