Multi-Factor Authentication (MFA) is another level of protection to your account on top of your password. This can be a notification sent to a personal device to confirm it is in fact yourself logging in. The College uses MFA when logging in to Office 365 applications.

Add extra security

A video on how to add extra security to your account

Why Use MFA?

MFA adds an extra layer of protection to your account. This means if your account is compromised and your details are shared, it will be even more difficult to gain access to the account. This protects yourself and the College's data. 

Configuring MFA

After MFA has been enabled on your account you will need to configure the options that best suit you the first time you logon to Office 365.  MFA requires you to use a personal device that you will have on-hand with you; we recommend you to download the Microsoft Authenticator app to your phone. Use the below instructions to set up MFA on your account. 

Set up MFA

Set up MFA on your mobile device

  1. On your phone, visit the App Store (iPhone) or Play Store (Android) to download and install the Microsoft Authenticator app. Ensure that you allow it to use your camera and send notifications when it prompts you.
  2. On your computer, go to https://mysignins.microsoft.com/security-info
  3. Click Add method.
  4. On the Add a method window, ensure Authenticator app is selected from the list, and click Add.
  5. On the Start by getting the app window, click Next.
  6. On the Set up your account window, click Next.
  7. On your phone, open the Authenticator app. If you’re asked for an unlock code, that’s your phone’s PIN (it may alternatively require your fingerprint or retina scan if you’ve set up either of those methods on your phone).
  8. Click the menu button (three dots) and then Add account.
  9. Click Work or school account.
  10. Click Scan a QR code. If the app asks for permission to use your camera, click Allow.
  11. The app should then open a QR code scanner. Point your camera at the QR code on your computer screen.
  12. Click Next on the computer.
  13. Click Enable phone sign-in or Approve on your phone. You may also need to unlock the app using your phone’s PIN, your fingerprint or retina scan.
  14. Click Next on your computer.
  15. Click Set default sign-in method, or Change if there’s already one set.
  16. Select Microsoft Authenticator – notification from the list, and click Confirm.

In case you are unable to access your mobile phone for some reason (e.g. your phone has run out of battery or you have lost your phone), make sure you set up a secondary method. Learn how to set up a secondary method from the FAQs below. 

The Microsoft help web pages also offer in-depth instructions on how to use Microsoft Authenticator with Microsoft 365

Frequently asked questions

Who can use MFA?

MFA was recently enabled for accounts that have the ability to edit the college website. MFA was deployed to Faculty of Medicine UGs before Christmas. MFA is gradually being rolled out across the College - you will be notified when this happens. 

Do I have to use MFA each time I login?

For most applications that people connect to they will have the option to trust this device for 30 days and will therefore not be constantly prompted to MFA. However, some systems require additional security and therefore will prompt every time.

Does MFA work in my country?

The MFA service we are using is provided by Microsoft - so if Office365 (email, teams, SharePoint etc.) is available in your country, so should the authentication service. Find out more about Microsoft's availability regions.

MFA does work in China, however, there are some limitations if you are using the Android App as not all Google Services are available in China - Find out more.


Does MFA work over Wi-Fi?

Yes, MFA does work over Wi-Fi or a mobile connection. 

How do I add a second multi factor method?

  1. Please go to Microsoft Sign-ins security page
  2. Select "Add method" at the top of the options box.
  3. You can then choose from a selection of methods.
  4. see screen shot below for guidance:

Microsoft security info dashboard

How do I set a default second multi factor method?

  1. Please go to Microsoft Sign-ins security page
  2. Select "Change" next to “Default sign-in method: Microsoft Authenticator - notification Change”
  3. Change default method to "Microsoft Authenticator - notification".
  4. see screen shot below for guidance:

Screenshot of Microsoft Security info dashboard

I can't add MFA to my iOS mail client?

Please delete your existing Imperial College account from you iOS mail client and start again.

I use my phone to check my emails, will MFA affect this?

Most email applications provide support for MFA so users will be prompted to MFA every 30 days.

Some older email clients don't support MFA so they will need to use App Passwords which will allow them to connect and will never be prompted to MFA.

I'm currently abroad, will I be charged to use MFA?

We advise everyone to use the MFA app as opposed to the SMS service. Once the app is installed, you will be able to use one of the rotating passwords within the application to verify yourself. 

UK providers do not usually charge for services like this but check with your provider beforehand. 

Is MFA a College requirement?

MFA will be enabled for the whole College in due course and we will work with College staff and students to help MFA work for them. 

The default/recommended option is to use an App which is available for iOS/Android. the second notification could be to receive a phone call and then press the # button or receive an SMS so would be compatible with a non-smartphone. If a member of Imperial doesn't have a smartphone we are exploring the options regarding providing a hardware token or something similar can provide the MFA response.


I’ve received an unexpected text message or an App notification

Please decline the app notification and contact the ICT Service Desk who can investigate further.

What if I change my phone?

If you get a new phone then you will need to change the setup of your MFA. In addition, if you use apps such as Gmail to read your College email you will need to generate a new app password.

What if I lose my phone?

Please contact the Service Desk.  You can also set up a second device in case this happens.