This site uses cookies to improve your user experience. By using this site you agree to these cookies being set. To find out more, please read our privacy policy.

MFA Frequently Asked Questions (FAQs)

Here you will find a selection of frequently asked questions (FAQs) about Multi-factor authentication (MFA). These FAQs are regularly updated so please keep checking this page for the latest updates. If you have a question you'd like to raise or you are experiencing a problem using MFA please get in touch.

Multi-factor authentication, or MFA, is an additional way of checking that it is really you when you log in to your account. In addition to your email address and password, you will need to set up a second form of authentication.

The recommended approach is to use the Microsoft Authenticator app on your mobile device.

This second layer of security is designed to prevent anyone but you from accessing your account, even if they know your password.

The introduction of MFA will help meet industry and cyber security best practice, helping to protect NHS data, user personal data and patient data.

MFA is quick and easy for most people to set up. Should you experience any problems, help and support is available.

You will only be asked for MFA if your identity needs to be further verified for additional security reasons. An example could be when signing in to your Microsoft account from a personal computer or personal mobile device, which is not on the NHS network.

If you are using a personal computer, mobile device or NHS Apple device, MFA verification is required every eight hours. If you are prompted for MFA using an NHS device, please contact the IT Service Desk.

MFA can block over 99.9 percent of account compromise attacks (Source: Microsoft). Therefore, it is a highly effective way of keeping your IT account and data secure from cyber crime groups.

Cyber crime groups can access your Microsoft 365 account if they guess your password correctly or trick you into sharing your details through scam emails, text messages or phone calls - known as ‘phishing’.

To protect your account, please set up Multi-Factor Authentication (MFA), which can block over 99.9 percent of account compromise attacks.

 

You need an Internet connection to receive a push notification on the Microsoft Authenticator app but not to access a one-time passcode.

The Microsoft Authenticator app does not collect or store any personally identifiable data. Your personal mobile device details are not used for any purpose other than protecting your account.

Multi-factor authentication (MFA) is a mandatory security policy that all staff must comply with.

 

If you have a new telephone number or need to update your verification method, please follow the steps below:

  1. Sign into the Microsoft 365 portal (office.com).

  2. Select your profile picture in the top right, then select View account.

  3. Under Security info select Update info.

If you are not able to authenticate because you no longer have access to the phone or app you previously used to verify your identity, please contact your IT Service Desk from the 'Self Service' icon on your device home screen. 

MFA helps enhance IT security by:

  • Keeping data in a more protected environment
  • Providing increased protection against cyber threats
  • Helping you to gain access to your account should you forget your password
  • Safeguarding our NHS reputation.

Cyberattacks on electronic health records and other systems pose a risk to patient privacy because cyber criminals could access sensitive information, potentially causing harm to patient safety and care delivery. There is also a risk that ransomware viruses could be used to hold medical records or devices hostage, risking your access to vital tools and information.

Yes. To continue using your NHS.net email account you need to following these steps. This will require access to either a work or personal mobile device.