MFA is coming

(Now updated to mention otpclient.)

As you may know, the University is introducing MFA, or Multi-Factor Authentication. It’s doing this to increase security, to protect us from increasingly severe online threats. At the moment MFA is specifically for Microsoft services – Teams, email, SharePoint, Office 365, and so on.

What is MFA?

In practice what this means is that when you use one of these services, as well as being asked for your username and password you will occasionally also be asked to validate your login in some other way, usually by providing a 6 figure number, different each time.

You can get this number – a validation code – in a number of ways. For example, you can use an authenticator app on your smartphone or other device, or you can validate using a text message, or by means of a phone call to a phone number which you provide – perhaps your office phone if you have one.

You must register in advance

You can use whichever of these methods is convenient at the time, but you need to have set up each method before you can use it. This only has to be done once for each method you want to use. It’s a good idea to set up several different ways of validating your Microsoft login, so that if your favourite one isn’t available (say, if you lose your phone), you can still validate your login.

Of course, you need to have set these up in advance, before you need to use them. Don’t worry – it’s easier than you might think.

Who uses MFA?

We will all use it eventually, but the University is doing it in stages. In Informatics, Professional Services staff have already moved to MFA. At the time of writing, our research staff and research students will be moving to it soon. Everyone will be moved to it at some point this year or next.

To find out more

The University’s MFA site tells you all about it, including how to set up your validation methods and which ones might be right for you.

Need help?

The dedicated MFA support team can provide help when you need it, 7 days a week.

MFA validation on DICE

On DICE you can generate your MFA codes using otpclient. There’s also a command line version called otpclient-cli.
Each of these has a man page, but there’s also an excellent writeup of how to use them on the otpclient wiki at How to use OTPClient (external link).

To add otpclient as an authenticator for your Office 365 account, use the University’s instructions for Alternative authenticator apps.

There’s a version of this article at

About Chris Cooke

Chris Cooke is a Computing Officer in the School of Informatics at the University of Edinburgh. He works in the Systems Unit and rides a very large bicycle.
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply