Information about Multi-factor authentication for retirees

As you may have heard, we are implementing Multi-factor authentication on Oxford University Single-Sign On (SSO) accounts, to provide an additional layer of security to protect our personal and University data.

The need to do this is quite pressing. In 2020 many of us were presented with fake, but very convincing, emails with the goal of capturing SSO credentials. The cyber-criminals were seeking to acquire access to university accounts for a multitude of reasons. Cyber-criminals are seeking to get hold of our personal and research information, develop an attack that could assist in fraudulent activity or download malware that could hold the university to ransom.

We would like to advise you to be cautious about unexpected emails or strange login screens, report anything suspicious to Oxford Computer Emergency Response Team (OxCERT) and encourage you to enrol in Multi-Factor Authentication (MFA).

What is Multi-factor authentication (MFA)?

MFA requires a second factor, in addition to your SSO password, to log into University systems. If your password has been stolen via phishing (a fake login page), it is unlikely that the cyber-criminal can do anything without the second factor. This second factor can be a request to approve the login on a smartphone, or a text message to mobile phone, or a telephone call to a fixed landline (where a robot will give you a six-figure code to enter). You may be familiar with this security process through online banking or social media accounts. 

Expand All

At this time, we are not enforcing MFA on University accounts held by all retirees.

A small group of retirees that are actively using University IT systems had MFA enabled on their accounts on Monday 29 March 2021.

We are strongly encouraging all other retirees to opt-in to MFA.

We sent an email to all retirees on Monday 1 March to let you know whether you were in the group that had MFA enabled or whether we will be asking you to opt-in

If you have been asked to opt-in to MFA, you can put in the request via the IT Services website as follows:

  1. Please complete a Service Request - you will need to log in with your Oxford SSO to access this page
  2. You will receive an email to your Oxford University email address when your Service Request has been actioned

A typical request timeline is shown below:

  • Monday 3pm - Service Request received by the Service Desk
  • Tuesday 11:30am - Service Request processed by Service Desk. Requestor receives email informing them that their request has been fulfilled
  • Tuesday after 5pm -  MFA is enabled on the requested account

Multi-factor authentication means you will be asked to verify your account using a second authentication method as well as your password. There are a number of ways you can do this, and you can choose which methods you want to use. Your options are:

We recommend you set up at least two methods, ideally ones that don't both rely on using the same device. So, for example, you might set up a phonecall to your landline and a text message to your mobile. That way, if you don't have access to one or the other phone, you can still log in to your account.

We have a made web page listing the pros and cons of each authentication method.

Instructions for setting up each authentication method are on the How to prepare for MFA page.

You will be asked to login using MFA whenever you start a new session with something that needs your SSO login. This includes Outlook, the Outlook Web App (OWA), Microsoft Teams, Teams Web Client, OneDrive, Office, SharePoint Online, Dynamics365, plus any web pages that are behind SSO that you have access to.

For activities in a web browser, you should expect to be asked to login with MFA every time you go to that website.

For software on your computer, like Outlook, you should be asked less frequently.

If you still have a college or departmental affiliation, please contact IT Support there to help you request and set up MFA.

If you do not have a college or departmental affiliation, please contact the central Service Desk, who will be able to help you. They are available 24/7 on +44 1865 612345.

Contact & further information

If you have any general questions regarding the implementation of multi-factor authentication please email the project team

For any IT support with multi-factor authentication, please talk to your local IT support in the first instance, if you are unable to resolve your issue, contact the IT Service Desk 01865 (6)12345