MFA Frequently Asked Questions (FAQs)

Multi-factor authentication, or MFA, is an additional way of checking that it is really you when you log in to your account. In addition to your email address and password, you will need to set up a second form of authentication.

The recommended approach is to use the Microsoft Authenticator app on your mobile device.

This second layer of security is designed to prevent anyone but you from accessing your account, even if they know your password.

The introduction of MFA will help meet industry and cyber security best practice, helping to protect NHS data, user personal data and patient data.

MFA is quick and easy for most people to set up. Should you experience any problems, help and support is available.

You will only be asked for MFA if your identity needs to be further verified for additional security reasons. An example could be when signing in to your Microsoft account from a personal computer or personal mobile device, which is not on the NHS network.

If you are using a personal computer, mobile device, or Trust Apple device, MFA verification is required every 8 hours. Contact the IT Service Desk if prompted on Trust devices, except Apple Trust devices.

99.9% of accounts compromised by cyber attacks can be blocked by using MFA – Source: Microsoft

No matter how strong your password is, there is always the threat of a cyber attack. MFA is important because it makes it harder for cyber criminals to steal your information.

You need an internet connection to receive a push notification on the Microsoft Authenticator app but not to access a one-time passcode.

The Microsoft Authenticator app does not collect or store any personally identifiable data. Your personal mobile device details are not used for any purpose other than protecting your account.

Multi-factor authentication (MFA) is a mandatory security policy that all staff must comply with.