Accessibility statement

Two-factor authentication

Follow the links below to learn more about two-factor authentication at the University:

What is two-factor authentication?

Two-factor authentication (2FA) is also referred to as two-step verification (2SV) or multi-factor authentication (MFA). It offers additional protection for your accounts. The idea is that in order to access an account you have to provide your password and also some other evidence to prove who you are. This other evidence could be a code that is sent to your phone, a code that you generate using your phone or other device, or a simple prompt that you accept on your phone.

What’s wrong with passwords?

The problem with relying on just a password - even a strong password - to protect your account is that if it is ever found out by someone else, they can log in to your account and access everything you can. If you’ve used the same password for other accounts, they can potentially access those as well.

People could obtain your password in several ways. It could be eg guessed, phished, leaked in a data breach, captured by malicious software.

How does two-factor authentication work?

When you have two-factor authentication set up on an account you will first be required to enter your username/email address and password as normal. You will then need to complete an additional authentication step in order to access the account. 

This means that even if someone has managed to get hold of your password they still cannot login to your account without the additional security step. 

What two-factor authentication methods are there?

There are several different methods that can be used for two-factor authentication. The ones that are available to you will depend on which service you’re using. 

Many services will allow you to register more than one method with your account. This is worth considering in case you’re ever in a situation where your primary method of two-factor authentication is not possible (eg if your mobile phone doesn’t have any mobile network reception).

Commonly used methods include:

Show all / Hide all

Can I use two-factor authentication with my University account?

University Google account (Gmail, Drive, etc)

Two-factor authentication is available for all Google accounts. It is mandatory on all staff and student Google/email accounts.

Google refer to it as “2-step verification” For more information, including details on how to enable it, see:

Enabling 2-step verification on your University Google account also ensures that you will not encounter login challenges when signing into your account:

VPN, Virtual Desktop Service and e:Vision

Duo two-factor authentication is required to log in to several University services, including the VPN, Virtual Desktop Service and e:Vision.

Other University services

We may decide to roll out two-factor authentication to other University services in the future. We will advertise this in advance of any changes being made.

Can I use two-factor authentication with my other accounts?

It depends on the service. Many do offer two-factor authentication options but you will need to read their documentation to find out what methods they offer and how to enable it.

The website TwoFactorAuth.org provides a searchable list of many popular websites with details of their two-factor authentication options.