Managing multi-factor authentication (MFA) on your account

[Links updated September 2022]

Why do we need multi-factor authentication (MFA)?

Cyber-criminals can use someone’s account to access confidential or valuable data at the University, once they have access. A key defence we have against these sorts of attack is multi-factor authentication, which helps to secure our accounts and data, by introducing a 'double lock' mechanism.

Since MFA was introduced at Oxford University, there has been a significant decrease in the number of incidents: the year before we introduced MFA there were over 450 compromised accounts in one month, whereas during the same period in the second year, there were only 22.

Those who wish to do us harm have not gone away, but with good coverage of MFA we have made their job harder.

What is MFA?

Multi-factor authentication is a second layer of security on your Oxford University Single Sign-On (SSO) account asking you to verify your account using a second factor, such as a code from an app on your phone, a text message, or a phone call.

What MFA options do I have?

There are several options for authenticating with a second factor and which you choose is up to you.

For smart phones, you can:

  • Install the Microsoft Authenticator app, which can be used either with notifications or one-time passcodes - the app also works on tablets
  • Receive a text message with a code
  • Receive an automated phonecall

For office phones, you can receive an automated phonecall

For laptops or desktops, you can install the Authy app or buy a hardware token through your normal route for purchasing IT equipment

Our top tips below will help you get the most from MFA on your account.

MFA top tips


Where can I find help?

Guidance for setting up and managing MFA on your devices is available on the IT Help website.

If you get stuck, speak to your local IT support in the first instance - they can reset your account if needed. Otherwise, get in touch with the central IT Service Desk.