Multi-factor authentication (MFA) rollout complete

The MFA Project Team are pleased to announce that multi-factor authentication (MFA) has now successfully been applied to nearly 70,000 primary and secondary Single Sign-On (SSO) accounts at Oxford.

We appreciate that MFA has been an additional task in an already stressful year, so we would like to thank everyone for their patience and understanding.

Tips for managing MFA when returning to on-site working and studying

As staff and students return to on-site working and studying, here is some advice for adjusting how you to do MFA:

  • If you have an office phone, you might want to add this as an authentication method: here are instructions for setting up MFA on a phone
  • If you were receiving a text message or phone call on your mobile to authenticate, you should check if you have a good mobile signal. If not, you might want to use the Authenticator app on your phone or the Authy app on your computer
  • If you don’t have good Wi-Fi or mobile phone signal where you work, or if you work across multiple sites, you can use one-time passcodes on the Authenticator app or a hardware token, which should be purchased through your normal route for purchasing IT equipment

If you want to change your MFA setup, look at our website

If you would like to find out about other options for managing MFA on your account, such as those that don’t involve using your personal mobile phone, please visit the MFA pages, which have been updated and expanded since the beginning of the MFA rollout.

Why did we bring in MFA?

alt=" "

Once they have gained access, cyber-criminals can use someone’s account to access confidential or valuable data at the University.

A key defence we have against these sorts of attack is multi-factor authentication, which helps to secure our accounts and data, by introducing a ‘double lock’ mechanism.

Since MFA was introduced at Oxford University, there has been a significant decrease in the number of incidents: this time last year we had over 450 compromised accounts in one month whereas over the same period this year there have only been 22.

We can’t say that this has all been down to MFA, but the trend has been an ever increasing level of threat in the education sector, not a decrease.

It is important that anyone with an SSO account remains vigilant: keeping anti-virus software updated, reporting and not responding to suspicious emails, watching out for fake links and forms, and only installing apps and software from trusted sources.

It is clear that those who wish to do us harm have not gone away, but with good coverage of MFA we have made the cyber threat actors’ job harder.