Multi-Factor Authentication (MFA)
Learn how to securely access the university’s network on your personal devices.
What is MFA?
Multi-Factor Authentication (MFA) is a way of authenticating (proving who you are) that doesn’t rely on a single piece of information. Most users will be familiar with MFA from their personal use of online banking, social media, online shopping and payment services, email, etc.
It is mandatory for all University accounts accessing the Manchester Met network, to ensure that you (and other users) are protected. In addition to this, registration for MFA also means that you can access Microsoft’s self-service password reset tool, which enables you to manage your password should you forget it.
What do I need to do?
- Step-by-step instructions are available on the MFA sign-up guide page
- Our preferred method for token generation is an authenticator app on a smartphone. This could be Microsoft’s app, Google’s, or a third-party one like LastPass. However, you can also opt to receive an SMS or a call
Multi-Factor Authentication sign-up guide
How to register for MFA
This video shows you the step-by-step process for how to register your for Multi-Factor Authentication.FAQs
-
Can I check if I've already signed up to MFA?
Yes, you can - go to account-security.mmu.ac.uk and use your MMU credentials to log in.
-
What are the Benefits of Multi-Factor Authentication?
Secure access for all users.
You can also now log in without having to type your password. Simply follow the step-by-step guide on how to enable Passwordless Authentication
-
Who else uses MFA?
Many other Universities have enforced MFA, including for on-campus access to core systems in some cases.
Use of MFA is also recommended by the UK’s National Cyber Security Centre. For those that are interested, there are some very readable articles on their website
-
Why have we made MFA compulsory?
- The primary threat that MFA protects against is the re-use of stolen or guessed credentials.
- The requirement for a second factor means that even if an attacker has managed to obtain your username and password, they will still not be able to impersonate you without having the additional proof that a second factor provides.
- At Manchester Met we see regular and sophisticated phishing attacks that result in users revealing their passwords to an attacker.
- While technical controls to block these attacks and general staff awareness will remain critical components in our defences, use of MFA is widely adopted and considered best-practice.
-
Do I need to register even if I don’t use a personal device to access Manchester Met systems?
This is about account protection as well as flexibility in accessing systems. So yes – even if you don’t intend to use a personal device to access Manchester Met systems, you still need to protect your account to prevent others from using it
-
Are there security risks with using my personal phone?
- Use of a personal phone should be seen as equivalent to your bank or other service providers (such as your email, PayPal, Amazon, eBay, etc) requiring you to do so for authentication: it is simply using an electronic tool already in your possession rather than requiring an extra one to be carried
- If using an authenticator app, this is not linked to your mobile phone number/account (for example, it will still work with your SIM card removed if you have internet access)
- If you already use an authenticator app for other web services outside of work, then adding Manchester Met services to the same app doesn’t alter the security of your device
-
Can I use MFA outside of work?
- Yes! And hopefully many of you are…
- MFA is widely used in online banking and increasingly common in other web services that involve high value information (whether personal information or financial transactions)
- If you opt to use an authenticator app on a smartphone, the same app can be used for any compatible service; you do not need a separate app for each MFA registration
Need support?
Need support?
If you have any issues, visit us Library Ground Floor, Monday - Friday 9am-5pm, for a face-to-face chat with the IT Service Desk or please get in touch via: