We have listened to your feedback and we are pleased to announce that as part of our continuous service improvements, from Tuesday 2nd November we are reducing the number of MFA prompts you will see when using the VPN (Virtual Private Network) service.
How this affects you
If you have a university managed laptop or mobile device it will receive new settings automatically and your credentials are verified when logging into the device, rather than upon connecting to the VPN. Please be patient and wait for the update, You should not run the setup tools yourself.
Non-university equipment (for example a personal laptop or mobile phone) can still benefit from these improvements however you will need to visit the Network Assistant and run the VPN setup tool again, where you will be prompted to complete MFA during the setup rather than every time you connect. Currently this new configuration works for Windows, MacOS and iPhone/iPad only but we are working hard to support Android and Linux in the future.
Changes to Security
To make this possible, we are using the same banking-grade certificate-based encryption that protects you when accessing secure websites in order to verify your computer is trusted to connect to the VPN. When your managed laptop receives new settings, or you enrol your personal device using the Network assistant, we will install a trust certificate on your device that can only be used with your user account on that one device. Because there are no passwords stored, and no tokens to exchange, this greatly enhances the security of your account and our remote access services.
This does not mean MFA is going away, but we are working hard to reduce the number of times you see an MFA prompt for VPN access without reducing your security. These changes are part of our wider security improvements that we will be announcing over the coming months.