Setting up Microsoft MFA for your nuff.ox.ac.uk account
intranet.nuff.ox.ac.uk/go-it-mfa
You may have been prompted to do this in order to secure access to the College VPN. This is MFA for your Nuffield College Microsoft account, and is separate from your University Microsoft account. The University account is used to protect your email and Microsoft Office etc.
What is MFA?
MFA stands for multi-factor authentication. One ‘factor’ is your username and password combination. Nowadays this is not seen as secure enough to protect most online assets. If you use a second (or even a third) factor to accompany your username/password, this is very difficult for hackers to bypass.
Which account?
The College Microsoft account will know you as firstname.lastname@nuff.ox.ac.uk (and for some senior members of College name@nuff.ox.ac.uk).
Use your network login username followed by @nuff.ox.ac.uk.
(NOTE the University account is of the form SSO@OX.AC.UK. For example nuff1234@OX.AC.UK. Your computer and web browser may already be logged into the University account. It’s OK, it can cope with both but you may have to choose the College account or “Use another account”.)
Setting up further ‘factors’
The first time you connect to your Nuffield Microsoft account, you should be redirected to Microsoft to sign in. Enter your College network ID (not your email address), e.g.
Incidentally, if you are concerned that you are being tricked into entering your username and password somewhere insecure, check the URL at the top if you can see it. It should look like this:
After the https://, if you see “microsoftonline.com” before the first /, you’re OK.
Click ‘Next’, enter your password, and click ‘Next’ again.
The very first time you do this, it will ask for ‘More information’. This is the initial request for you to set up new second factors, i.e.
After clicking ‘Next’ you should see
Microsoft would really like you to use their Authenticator App. If you already use it for the University (Nexus) account – great – you can just add another entry. If you would prefer to use another authenticator app, you can click “I want to use a different authenticator app”.
If Microsoft Authenticator is a good option for you, follow the instructions to download that app first (e.g. from the Google Play or Apple App Store), then add a new ‘Work or school account’ and scan the QR code with your phone.
Hopefully you will, by now, be logged in (and maybe on the College VPN if that is what triggered the request for a further factor). You should not have to use the second factor for a further 30 days.
If you do not wish to use the Microsoft Authenticator, other methods are available (e.g. Google Authenticator, a hardware token, receiving a phone call). If you encounter any difficulties, please come and see Nuffield College IT Department.
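The URL check described earlier in this section, written out as a strict hostname test (an added example in JavaScript, not part of the College's own guidance). The function name and sample URLs are constructed for illustration, and the check goes slightly beyond the text by rejecting addresses that merely contain “microsoftonline.com” without the sign-in host actually belonging to it.

```javascript
// Added example: strict form of the "microsoftonline.com before the first /" check.
// TRUSTED_DOMAIN is taken from the page; checkSignInUrl and the samples are constructed.
const TRUSTED_DOMAIN = "microsoftonline.com";

function checkSignInUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "not a parseable URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "scheme is not https" };
  }
  // Text before an "@" is userinfo, not the site being visited.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "URL carries userinfo before the host" };
  }
  // URL() lower-cases the host and converts non-ASCII labels to punycode (xn--),
  // so look-alike characters no longer compare equal to the trusted name.
  const host = url.hostname.replace(/\.$/, "");
  // Match the whole host or a subdomain of it; the leading "." stops
  // "fakemicrosoftonline.com" from passing as a suffix match.
  const trusted = host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN);
  return trusted
    ? { ok: true, reason: `host "${host}" is under ${TRUSTED_DOMAIN}` }
    : { ok: false, reason: `host "${host}" is not under ${TRUSTED_DOMAIN}` };
}

// Constructed sample addresses (example.net is a reserved documentation domain).
const samples = [
  "https://login.microsoftonline.com/common/oauth2/authorize",
  "https://login.microsoftonline.com.example.net/common",
  "https://login.microsoftonline.com@example.net/",
  "http://login.microsoftonline.com/",
  "https://fakemicrosoftonline.com/",
  "https://login.micr\u043esoftonline.com/", // Cyrillic "o" in place of Latin "o"
];

for (const s of samples) {
  const r = checkSignInUrl(s);
  console.log(`${r.ok ? "OK    " : "REJECT"} ${s}  (${r.reason})`);
}
```

Only the first sample passes; each of the others puts the trusted name somewhere other than the end of the host, or drops https.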
Setting another factor
It is a really good idea to set up another factor, in case you lose your phone, for example. Maybe you don’t use a mobile phone? If you visit
https://mysignins.microsoft.com/security-info
you should be able to set up a further method (or factor). Please check that you are looking at the account information for your College account, not your University (or any other Microsoft) account. Click on your initials in the top corner to check, i.e.
and change account via ‘Sign in with a different account’ if necessary.
If you click ‘Add sign-in method’, you should be able to set up a different method, such as receiving a phone call to a landline, or a trusted friend’s phone, e.g.
Note that you will not find a method that includes sending a text message (SMS) to a mobile phone. This is because there are active exploits (hacks) where attackers can intercept your SMS messages. This method is no longer recommended.