Protecting your data with MFA

To improve our cybersecurity and protect personal data, all BCU staff, students and graduates will need to register for Multi-Factor Authentication (MFA). MFA means you will need to verify your login when accessing BCU systems, similar to what you may have set up for online banking. 

Person using phone to log in

What is Multi Factor Authentication?

Multi Factor Authentication (MFA) is the process of using two or more independent factors to verify a user's identity for a login, and to access secure data - similar to what you may use with online banking.

  • The first factor is something known only to you - your BCU password.
  • The second factor is a single use code sent to your personal device (mobile phone or tablet) OR a message sent asking for confirmation that you are attempting to log in.

Why do we need MFA? What are the benefits?

MFA protects your personal data, BCU data and keeps the University secure against cyber attacks.

Each year, cyber attacks are becoming more sophisticated and safeguarding our data has become more crucial than ever. Multi Factor Authentication is just one of the vital security measures in place as a solution to this.

Always remember that, as a staff member, student or graduate of BCU, you have a responsibility to keep data secure and be on guard against possible breaches and theft.

Which systems are protected by MFA?

  • iCity
  • Outlook (email)
  • Moodle
  • Mahara
  • Office 365 suite of applications

How do I register for MFA?

When you attempt to login to access any BCU services from outside of the University you will be prompted to register for MFA. Follow these simple steps to activate your authentication.

View User Guide

You will not be able to access BCU services until you have activated your authentication.

Changing your password

MFA also gives you the ability to reset or change your BCU password yourself, from home.

If you have been set up with MFA, you will now have access to reset or change your password for BCU services when you:

  • Are working remotely from the BCU network (at home or somewhere else off campus),
  • Have internet access and,
  • Have access to another device (a mobile phone or tablet).

Instructions for resetting your password are available from iCity.

Instructions: How to reset your password

For IT Help and support

Please contact IT Helpdesk via or 0121 331 6543 with your query and a contact number and a member of the support team will call you back at the earliest opportunity.

Multi-Factor Authentication FAQs

What do I need in order to use MFA?

In order to register for MFA, you will need to download the Microsoft Authenticator Application. When you attempt to log in to a BCU service, a prompt will be sent from the app on your personal device asking you to approve the log in.

You will also need to set up a secondary option, which you can choose from the following options:

  1. Code to your mobile via SMS – You will receive a text message providing you with a code to enter on the log in page. This option is ideal for working remotely – works with any mobile phone, no app to install and no cost to receive SMS in the UK (roaming costs may apply to receive SMS outside of the UK). A mobile signal will be required to use this option.
  2. Call to your mobile – As above, a quick call requesting you press the # key to authenticate your log in. This is another quick and easy option – no codes to enter, no app to install and works with any mobile phone. Roaming costs may apply to receive calls if you are working outside of the UK.
When will I be asked to use MFA?

You will only be prompted to use MFA to log in when you are logging into your emails, Moodle, iCity and Office 365 applications from outside of the University. You will not be asked to use it when you are on campus.

How often do I need to do this?

Once you have logged in to your emails, Moodle, iCity, Office 365 using MFA, you will be remembered for that service until you log out or end your session. Remember this only applies when using protected services when outside of the University network.

Do I have to use this to log in to a BCU PC/laptop?

No. MFA is not used for logging in to PCs or laptops, it only applies to accessing your email, Moodle, iCity and Office 365 applications.

If I take my laptop to a classroom and connect to Wi-Fi, will I have to use MFA?

No, the University Wi-Fi is still considered to be within the University network so you will not be prompted to use MFA if you take your laptop to a room and use the Eduroam Wi-Fi connections.

If I take a BCU laptop home will I have to use MFA?

Yes, if you use a BCU laptop on any network other than in the University you will be prompted to use MFA to access any protected systems.

Can I change my preferred MFA option?

Yes, you can change your option at any time by logging into and either changing your phone number or choosing a different option. You will be required to authenticate with MFA to log into this site and will be prompted to authenticate with your new option as part of the process so must have the device with you.

Will MFA cost me anything?

There is no charge for using the MFA App, if you decide to use either the call back or SMS text option there is no cost for the calls or messages being sent to you within the UK, however if you use this from outside the UK you may be charged a roaming fee by your service provider. For more details on any charges please consult your mobile phone contract or contact your service provider.

My mobile is not a smart phone, can I still use it?

Yes, you can use any mobile phone to receive SMS codes or a call back to approve your log in.

What data about me does the App collect?

Like many Apps, this one collects data to enable service improvements, the Microsoft Authenticator App’s Privacy policy complies with GDPR and allows you to customise what data is collected and switch on/off data gathering. However, in order to function properly, the App requires access to several phone features and resources including your account settings, contacts, SMS to receive messages, read and write to memory storage and use of the camera to read a QR code on set up.

I don’t have or don’t want to use my mobile phone for this. How can I log in?

If you would prefer, you can use another mobile device such as a tablet or iPad. You can download the authenticator app on this device and use that method to authenticate. Alternatively, it is possible to nominate a fixed land line for MFA, so you can use your home land line if you are working from home. Using a land line for MFA is very simple, at the point where you need to confirm your log in you will receive an automated call that plays a recorded message asking you to press # to confirm you want to log in.

I don’t want to use MFA, what happens?

The use of MFA for access to secure BCU Data outside the University network has been mandated by the University to comply with GDPR. For this reason it is being applied to all University staff and students. If you are unwilling to use MFA you will be unable to access secure BCU data from outside the University and thus will not be able to work/learn from home if you need access these resources to complete that work. You will still be able to access all of these resources from within the University when it is open.

How long can I take to type in the MFA code?

If you chose to receive a code via SMS text message it will be valid for 2 minutes before you will need to refresh the code. If you use the code from the App, these are refreshed every 30 seconds and are only valid whilst displayed on screen. The App shows a countdown of how much time is left so ideally you should wait for the code to auto refresh to give you the most time to enter it.

What if I forget or lose my phone?

After the setup of your primary method of authentication, you have the option to add a secondary option, such as an alternative phone number, or the Microsoft Authenticator App. If you are not connected to the BCU network, and haven’t set up a secondary option, you will not be able to access secure BCU data. In this case, IT can reset your MFA registration, however for security reasons this can only be done by request in person whilst on site as it is not possible to confirm your identity over the phone.

What if I get a code, call, or request to approve access when I am not trying to log in?

Code – ignore this and report to the help desk. If someone is trying to gain access to BCU data using your details, they will not be able to log in without this code, your account will not be compromised. Request to approve access – deny this and report to the help desk. As above, if someone is trying to gain access using your details, they will not be able to without your approval via the app.

Call - hang up without pressing #. If the call is the result of someone trying to gain access to University data using your ID you have successfully blocked them. If you constantly receive calls you can lock MFA by pressing the key combination stated in the automatic message. Contact the IT Help desk as soon as possible to alert them to this and change your password.