Multi-factor authentication (MFA)

We are asking all University staff and postgraduate researchers to set up multi-factor authentication (MFA) to continue to access a number of services.

What multi-factor authentication is

Multi-factor authentication (MFA) provides a way of checking that you really are the person you are claiming to be when you sign in to important online services.

Multi-factor authentication is easy to use and gives you added protection against someone using your account details to impersonate you or access University data.

Once you have set up MFA, you will sometimes be asked to provide an additional piece of information when you log into an MFA-enabled service. This piece of information will be something that only you can access, such as a code created by an app on your smartphone or another device, or that’s sent to you by text message (SMS). 

Setting up multi-factor authentication also means that you will receive a request to authenticate if you or someone else attempts to access your account from an unusual location or device. If you receive a notification to authenticate but you have not attempted to log into your account, please change your password immediately and notify the IT Service Desk. This could be a sign that an attacker or cyber security threat actor is attempting to get into your account.

Who will be affected?

All University of Bristol staff and postgraduate researchers (PGR) are asked to set up multi-factor authentication (MFA). Students that also have a staff role are also asked to set up MFA.

Undergraduate and taught postgraduate students (PGT) are not affected.

What you need to do

Set up your authentication method

If you're a member of staff, a PGR, or a student with a staff role, you need to set up an authentication method in order to provide additional information when prompted.

Setting up multi-factor authentication (MFA) is quick and straightforward, and you only need to do it once.

Once you have set up MFA and chosen your preferred methods of authenticating, you will occasionally be prompted to use one of these methods to complete sign in. 

You can set up multi-factor authentication at any time by following the steps on the MFA set-up guide.

MFA set-up guide

Keeping your settings up to date

If you change your phone or device, please update your security authentication methods. Please remove them from your old phone and then set them up for your new device(s).

Setting up a second authentication method

We recommend that you also set up an alternative authentication method (that's different from your primary authentication method). That way you can still access your account if your primary authentication device is lost or stolen. You can find out more about this in the MFA set-up guide.

If you lose your phone or remove or reinstall the app (and this is the only authentication method you have set up), you will need to contact the IT Service Desk to reset your account.

Why it's important to use multi-factor authentication

Since August 2020, more than 20 further education and higher education institutions have undergone significant cyber attacks. These incidents have caused maximum disruption during the critical periods around exam results, clearing, and student enrolment. Some incidents are targeted at assets such as research data, while others are aimed at individuals.

Traditionally online services have checked people are who they claim to be by using usernames and passwords. Unfortunately, passwords are easy to access or guess as people often pick popular passwords or reuse the same password across many different sites.

Multi-factor authentication (MFA) is one of the most effective tools we can use to improve our cyber security. Using MFA significantly reduces the chances that your login details (known as “credentials”) will be compromised and your accounts accessed by attackers. This is because MFA requires you to provide additional proof (beyond a password alone) that you are who you say you are.

Microsoft research suggests multi-factor authentication can reduce such attacks with compromised credentials by as much as 99.9%.

Multi-factor authentication is already required by many online services, including banks and social media accounts.

Help and support

Support with set up

If you have questions or need guidance using multi-factor authentication, please use the resources outlined below.

If you require further support, please contact the IT Service Desk.

Help with sign-in

If you have forgotten or lost the device you use to authenticate and find you can’t sign in, or if you can’t access your account, please contact the IT Service Desk.

To avoid difficulties logging in to services if you've forgotten your device, we encourage you to set up an alternative sign-in method (by following the MFA set-up guidance).

Further reading

There are many online guides about multi-factor authentication, including: