Using MFA when you log in

Find out how to log in to your University IT account using multi-factor authentication (MFA).

On

Set up MFA

Before logging with MFA you need to set up MFA for your account. If you don’t you will get locked out of your account.


Logging in

To log into your University IT account, follow the steps below.

If you are using High Performance Computing (HPC) follow the additional HPC login guidance.

1 - Log in to MUSE

Click the ‘Log in to MUSE’ link at the top of the page, then enter your University username and password. Click 'Log in'.

2 - Duo MFA check

On the Duo Security page, you will automatically be asked to verify a Duo Push notification sent to your device, or be asked to enter a passcode. This will depend on the last option you choose on the device you are logging into. Passcodes let you log into your account when your device is without an internet connection.

3 - Send me a push

Check the Duo Mobile app on your mobile device and select 'Approve to authenticate'.

3 - Enter a passcode

If you use the Duo Mobile app

  1. Open the app on your mobile device. 
  2. Select ‘Show’ to get a one-time passcode.
  3. On the Duo Security Login page, click ‘Enter a passcode, then type in the passcode and click ‘Log in’.

If you use a hardware token

  1. Press the button on your hardware token to generate a new passcode.
  2. On the Duo Security Login page, click ‘Enter a passcode, then type in the passcode and click ‘Log in’.

4 - Remember device

After approving the Duo Push notification or entering a passcode, you will be asked to confirm ‘Is this your device?’. This allows you to login without the need for an MFA check for seven days.

If the device you are logging into is your regular device, you can select ‘Yes, this is my device’ to remember it. If you are logging into any other device, you should select ‘No, other people use this device’

You will then be logged into your University IT account and directed to the Student or Staff hub.


Receiving unexpected Duo Push notifications

If you receive a Duo Push notification but you aren't trying to log in, your password may have been compromised. Someone may be trying to log in to your University IT account.

You must deny the request and report it to the IT help and support on +44 114 222 1111 immediately.

Lost or stolen MFA device

If the phone or hardware token you use for MFA is lost or stolen you must contact IT help and support immediately on +44 114 222 1111. They will prevent the device from being used for MFA to secure your account.

Remember your device

You can reduce how often you need to verify your login with Duo, using the 'Is this your device?' check. This will save you from having to complete an MFA check on that device for seven days on that device. 

To remember your device for seven days: 

  1. After you complete the Duo Push or passcode verification, you will be asked to confirm ‘Is this your device?’ that you are logging into. 
  2. Select ‘Yes, this is my device’ to remember the device. 
    • If you select ‘No, other people use this device’ you will not be asked about remembering this device for 14 days .
  3. Seven days after you last confirmed you wanted to remember the device, you will need to complete another MFA check, where you can remember the device for a further seven days

Your device will not be remembered if you are using:

  • a different device or browser to the one you were using when you selected 'Yes, this is my device'
  • a browser where you have cleared your cookies
  • a browser that blocks third party cookies
  • private browsing, as the browser won’t store any cookies to remember your login
  • a VPN as the connection won’t store any cookies to remember your login 
  • an application that accesses sensitive or protected information

High Performance Computing (HPC) login guidance

If you use HPC, read guidance on:

Accessing MFA-protected HPC systemsTips for working with MFA on HPC systems