Verification problems

Your verification methods aren't working

If you have tried to verify your identity using one of your registered verification methods and it isn't working, you can always switch to one of the other methods we recommend you set up:

• select the 'Sign in in another way' link on the Microsoft two-factor verification prompt

If one method continues not to work, check the other common problems on this page for a possible solution, or reset this method by:

• visiting the My Sign-ins page
• Remove the verification method that isn’t working and then re-add it

If none of the recommendations on this page have resolved the problem, you can contact the IT Service Desk for support.

You don't have access to your registered mobile device

You've lost/replaced your mobile device or don't have it with you

1. Use an alternative verification method (if you have one setup) such as email. Select the 'Sign in another way' link on the Two-factor verification page. If you don't have another method setup, we recommend you add an alternative

2. If you are still having problems you can contact the IT Service Desk for support

You don't have access to Wi-Fi

You can use the Microsoft Authenticator App to generate a one-time passcode, which requires no mobile data or Wi-Fi connectivity:

1. At the login screen, select "I can't use my Microsoft Authenticator app right now"
2. Select "Use a verification code from my mobile app"
3. Open the Authenticator app on your phone. You should see a six-digit "one-time password code" which refreshes every 30 seconds
4. Type the six-digit code into the relevant box on the login screen
5. Your account should now be verified

Common error messages

'You've hit our limit' error

Microsoft may limit repeated authentication attempts that are performed by the same user in a short period of time. Waiting ten minutes before trying again will usually resolve this, if not you should contact the IT Service Desk for support.

'Stale request' error

• Try clearing the cache and cookies on your browser
• Ensure cookies are enabled
• Check you don't have multiple copies of the page open
• Refresh the page and try again, or close the browser and re-open it

Problems with the Microsoft Authenticator App

Not receiving notifications:

1. Ensure push notifications are enabled on your device as well as within the app
2. The Authenticator app may have crashed:
   • Force the application to close and restart your device
3. You don't have an internet connection:
   • Check your phone signal and Wi-Fi access and move to a location with a better signal if necessary
   • Alternatively, you can use the Time-based One-Time Passcodes (TOTPs) generated by the app to log in by choosing "I'd like to use a different method" at the login screen on your computer
4. The Authenticator app was not set up successfully:
   • Go to 'My Sign Ins' using a different MFA method and add the app again as a new method
5. Battery saving features are blocking notifications:
   • Built-in battery apps can stop push notifications from working by shutting down background processes and only processing 'high priority' notifications while the phone is asleep
   • Change the priority of the notifications or turn off these battery saving features

iOS devices

If you are able to receive the notification through mobile data but not over Wi-Fi, then the phone's network connections can be reset to fix this:

1. Go to Settings
   
2. Select 'General', 'Reset' and then 'Reset Network Settings'

This will forget all Wi-Fi networks and passwords, mobile settings, Virtual Private Network (VPN) and Access Point Name (APN).

Android devices

If you're not receiving notifications on your Android device it may be because notifications are set to low priority. To change this:

1. Go to 'App Info'
   
2. Select 'Notifications' and adjust the notification priority settings

Downloading the Authenticator App for Android devices in China

If you are using the Microsoft Authenticator app in China you may find this advice from Microsoft helpful.

Delays receiving MFA verification calls to a landline phone

If your landline has call forwarding

1. Ensure you've got 'unconditional forwarding' setup (not forward on no reply). This will ensure the call will forward immediately with no delay. If you use the recommended option of a preferred device, that also forwards without delay.
2. On the 'Verify my identity' page, select 'Call +XX XXXXXXXXX**'
3. When your phone rings, answer it and follow the instructions on the automated message

Privacy concerns

I object to using the Microsoft Authenticator App on my personal mobile phone for work/study

Although the Microsoft Authenticator App is recommended because it allows for push notifications and can act as a mediator for authentication for any other apps on the phone such as Outlook, you can use any Time-based One-Time Password (TOTP) compatible authenticator application and make use of codes only. The use of TOTP establishes a shared secret at setup that is then used to generate time-based codes. Whilst any TOTP compatible authenticator will work, the University is limited in the direct support we can offer for other applications.

Should you not wish or not be able to use an app you can choose the phone (text) or alternative phone method and provide a phone number, this data is only used to support the security of your account.

Alternative apps available

There are a number of Authenticator Apps that you may feel more comfortable with, rather than the Microsoft Authenticator App:
- Free OTP is open source
- The UK PC mag article gives an overview of the best Authenticator Apps for 2021

I've received an MFA notification I didn't expect

This might happen because:

1. Your login session expired:
   • On your main computer
   • On another device
2. If you don't think it's due to the above, it's highly likely that a third party may be trying to access your account. In this case:
3. Change your password immediately
4. Check your recent activity
5. Report it to it-security@bath.ac.uk

Other common problems

I use MFA at another institution and I can't change to my Bath Account

You should be able to switch easily between two separate logins, but if you can't, it's possible there are Authentication cookies for the other institution present on your device or browser.

You can keep the logins separate by doing any of the following:

1. Use a different browser for each, such as Firefox for one and Chrome for the other
2. Use a separate browser profile for each login
3. Set up Private Browsing
4. Create a new user profile on your computer

Further help and support

• For further details about this latest security enhancement please review the Changes are coming to your University Microsoft 365 account webpage

• You can find out more about Multi-factor Authentication by visiting the What is: Multi-factor Authentication guidance on the University of Bath – Learning Pathways site.

• The Microsoft webpage Common problems with two-step verification for a work or school account contains useful fixes for the most common problems

• You may also find our Layer up your account security with Multi-Factor Authentication (MFA) webpage helpful

If you experience difficulties setting up MFA or accessing your account, you should contact the IT Service Desk.