Skip to main content

Layer up your account security with Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) gives you increased protection against cyber-attacks

What is MFA

MFA gives you an additional layer of security, over and above your username and password when working online.


Why is the University using MFA

  • MFA has been implemented to provide an extra layer of protection on Microsoft 365 applications and the University of Bath VPN
  • The University stores a large amount of personal data, of both staff and students, including confidential research data, which MFA helps to protect
  • Since many of our community are now working remotely and most of our work is done online, there is a greater threat of attack on individuals email and online data. This could lead to data breaches and unwanted access or threats to our security

Benefits of MFA

  • Easy to set up and use
  • Helps you to gain access to your account should you forget your password
  • Provides increased protection against cyber-attacks
  • Keeps any sensitive research data in a more protected environment
  • Implementation of MFA means that you will receive a request for authentication if an attempt is made to access your account from an unusual location or device

What you need to do

  1. All staff and students are requested to set up MFA protection on their account. You may be asked to do this when you next log in, or, you can set it up via the 'Security Info' tile on your My Account page
  2. Add an authentication method, either:
  • the Microsoft Authenticator App (recommended). You will need to set up the app for your Bath account: Open the app, select the + button, tap Add work or school account and sign in with your Bath credentials.
  • phone - call
  • phone - text message (will not work for VPN access)

Please note: To use the University’s VPN you must also set your MFA default sign-in method. For guidance on how to do this, see our Setting up VPN on your device page.

Personal data and privacy considerations

Find out how your personal data is held, used and kept secure



Frequently asked questions

Find answers to the most commonly asked questions relating to MFA


Q. I have received a request to provide secondary authentication but I haven’t attempted to log into my account, what should I do?
A. Immediately change your password and notify the IT Service Desk via our IT Help Form.

Q. I have an accessibility requirement. How can I register for MFA?
A. If you have accessibility requirements, please contact the IT Service Desk, via our IT Help Form.

Q. What protection does MFA provide?
A. MFA provides an additional line of defence for University systems and data. If your password is compromised by a malicious third party, they won't be able to access protected resources without providing secondary authentication.

Q. How can I change my MFA details?
A. You can add or update your multi-factor authentication details via the Security info page, which is located within your My Account page.

Q. Which is the preferred MFA method?
A. University of Bath's preferred MFA method is the Microsoft Authenticator App, which will work across all services protected by MFA. You can use other authenticator apps and methods but they may not be supported for all services, due to technical limitations. For example, the VPN can only support 'Microsoft Authenticator – notification' or 'Phone - call' as your default sign-in method.

Q. Where is my personal data held and how is it used?
A. Please read our guide on the use of personal data for identity verification and authentication.

Additional help and support

If you have further questions or need help with MFA, please contact our IT Service Desk, via the IT Help Form.