To improve our cybersecurity and protect personal data, all new BCU students will need to register for Multi-Factor Authentication (MFA). MFA means you will need to verify your login when accessing BCU systems, similar to what you may have set up for online banking.
What is Multi Factor Authentication?
Multi Factor Authentication (MFA) is the process of using two or more independent factors to verify a user's identity for a login, and to access secure data - similar to what you may use with online banking.
- The first factor is something known only to you - your BCU password.
- The second factor is a single use code sent to your personal device (mobile phone or tablet) OR a message sent asking for confirmation that you are attempting to log in.
Why do we need MFA? What are the benefits?
There are two massive benefits to being signed up for MFA.
1. MFA gives you the ability to reset or change your BCU password yourself, from home.
If you have been set up with MFA, you will now have access to reset or change your password for BCU services when you:
- Are working remotely from the BCU network (at home or somewhere else off campus),
- Have internet access and,
- Have access to another device (a mobile phone or tablet).
Instructions: How to reset your password
2. MFA protects your personal data, BCU data and keeps the University secure against cyber attacks.
Each year, cyber attacks are becoming more sophisticated and safeguarding our data has become more crucial than ever. Multi Factor Authentication is just one of the vital security measures in place as a solution to this.
Always remember that, as a student at BCU, you have a responsibility to keep data secure and be on guard against possible breaches and theft. See our tips for avoiding the common pitfalls on the IT Security iCity page.
Which systems are protected by MFA?
- iCity
- Outlook (email)
- Moodle
- Mahara
- Office 365 suite of applications
How do I register for MFA?
If you are a new starter from September 2020 onwards, when you first use your new login details to access any BCU services from outside of the University (including your new email account, Moodle, iCity etc) you will be prompted to register for MFA.
Instructions: Register for MFA
If you are a current student who wishes to register for MFA, You can follow this guide or contact the IT Help desk by emailing ithelp@bcu.ac.uk with your request and a contact number - a member of the support team will call you and talk you through it.
What are the options?
There are five different methods of using MFA to authenticate your log-in, and they are all quick and easy!
1. Code to your mobile via SMS – You will receive a text message providing you with a code to enter on the log in page. This option is ideal for working remotely – works with any mobile phone, no app to install and no cost to receive SMS in the UK (roaming costs may apply to receive SMS outside of the UK). A mobile signal will be required to use this option.
2. Call to your mobile – As above, a quick call requesting you press the # key to authenticate your log in. This is another quick and easy option – no codes to enter, no app to install and works with any mobile phone. Roaming costs may apply to receive calls if you are working outside of the UK.
3. Code from the Authenticator App – the authenticator app generates a verification code that updates every 30 seconds. Enter the most current verification code in the sign-in interface. The app is free and codes are auto generated without need for Wi-Fi or a data signal – you will need to download the app on to your smart phone or tablet.
4. Authorise login from the Authenticator App – You will receive a notification to the authenticator app on your smartphone or tablet. The notification will prompt you for confirmation that you are attempting to access secure services. This is a fast and easy option, as you just select from ‘Approve’ or ‘Deny’ and you will be logged in. This requires you to download the app on to your mobile device which must be a smartphone or tablet, and you will also need a Wi-Fi or data signal to receive notifications.
5. Call to your Home landline - A quick call requesting you press the # key to authenticate your log in. This option is quick and easy – no codes to enter, no app to install and no cost to receive the calls. Unfortunately if you are away from your landline, you will not be able to authenticate and access any of the above systems remotely
For IT Help and support
Please email ithelp@bcu.ac.uk with your query and a contact number and a member of the support team will call you back at the earliest opportunity.
Frequently asked questions
What do I need in order to use MFA?
MFA requires you to nominate a personal device like a mobile phone as a second factor for authentication. Take a look at the details for each option to work out which works best for you (you can change your mind later). Depending on which option you choose you may need to download an application.
When will I be asked to use MFA?
You will only be prompted to use MFA to log in when you are logging into your emails, Moodle, iCity and Office 365 applications from outside of the University. You will not be asked to use it when you are on campus.
How often do I need to do this?
Once you have logged in to your emails, Moodle, iCity, Office 365 using MFA, you will be remembered for that service until you log out or end your session. Remember this only applies when using protected services when outside of the University network.
Do I have to use this to log in to a BCU PC/laptop?
No. MFA is not used for logging in to PCs or laptops, it only applies to accessing your email, Moodle, iCity and Office 365 applications.
If I take my laptop to a classroom and connect to Wi-Fi, will I have to use MFA?
No, the University Wi-Fi is still considered to be within the University network so you will not be prompted to use MFA if you take your laptop to a room and use the Eduroam Wi-Fi connections.
If I take a BCU laptop home will I have to use MFA?
Yes, if you use a BCU laptop on any network other than in the University you will be prompted to use MFA to access any protected systems.
Can I change my preferred MFA option?
Yes, you can change your option at any time by logging into myapps.microsoft.com and either changing your phone number or choosing a different option. You will be required to authenticate with MFA to log into this site and will be prompted to authenticate with your new option as part of the process so must have the device with you.
Will MFA cost me anything?
There is no charge for using the MFA App, if you decide to use either the call back or SMS text option there is no cost for the calls or messages being sent to you within the UK, however if you use this from outside the UK you may be charged a roaming fee by your service provider. For more details on any charges please consult your mobile phone contract or contact your service provider.
My mobile is not a smart phone, can I still use it?
Yes, you can use any mobile phone to receive SMS codes or a call back to approve your log in.
What data about me does the App collect?
Like many Apps, this one collects data to enable service improvements, the Microsoft Authenticator App’s Privacy policy complies with GDPR and allows you to customise what data is collected and switch on/off data gathering. However, in order to function properly, the App requires access to several phone features and resources including your account settings, contacts, SMS to receive messages, read and write to memory storage and use of the camera to read a QR code on set up.
I don’t have or don’t want to use my mobile phone for this. How can I log in?
If you would prefer, you can use another mobile device such as a tablet or iPad. You can download the authenticator app on this device and use that method to authenticate. Alternatively, it is possible to nominate a fixed land line for MFA, so you can use your home land line if you are working from home. Using a land line for MFA is very simple, at the point where you need to confirm your log in you will receive an automated call that plays a recorded message asking you to press # to confirm you want to log in.
I don’t want to use MFA, what happens?
The use of MFA for access to secure BCU Data outside the University network has been mandated by the University to comply with GDPR. For this reason it is being applied to all University staff and students. If you are unwilling to use MFA you will be unable to access secure BCU data from outside the University and thus will not be able to work/learn from home if you need access these resources to complete that work. You will still be able to access all of these resources from within the University when it is open.
How long can I take to type in the MFA code?
If you chose to receive a code via SMS text message it will be valid for 2 minutes before you will need to refresh the code. If you use the code from the App, these are refreshed every 30 seconds and are only valid whilst displayed on screen. The App shows a countdown of how much time is left so ideally you should wait for the code to auto refresh to give you the most time to enter it.
What if I forget or lose my phone?
After the setup of your primary method of authentication, you have the option to add a secondary option, such as an alternative phone number, or the Microsoft Authenticator App. (Find out how here) If you are not connected to the BCU network, and haven’t set up a secondary option, you will not be able to access secure BCU data. In this case, IT can reset your MFA registration, however for security reasons this can only be done by request in person whilst on site as it is not possible to confirm your identity over the phone.
What if I get a code, call, or request to approve access when I am not trying to log in?
Code – ignore this and report to the help desk. If someone is trying to gain access to BCU data using your details, they will not be able to log in without this code, your account will not be compromised. Request to approve access – deny this and report to the help desk. As above, if someone is trying to gain access using your details, they will not be able to without your approval via the app.
Call - hang up without pressing #. If the call is the result of someone trying to gain access to University data using your ID you have successfully blocked them. If you constantly receive calls you can lock MFA by pressing the key combination stated in the automatic message. Contact the IT Help desk as soon as possible to alert them to this and change your password.
