Multi-factor authentication (MFA) is coming to RMIT
Multi-factor authentication (MFA) is being introduced for all students and staff across the University, to increase our cyber security and further protect RMIT’s systems.
From May 2021, MFA will be required by all students and staff when accessing Microsoft 365 (M365) applications including Outlook Email (RMIT's email platform), Teams, OneDrive, SharePoint and Yammer.
Students and staff must register for MFA on their devices following the steps below.
How to register for MFA – user guides
To register for MFA, you need to:
- Reset your RMIT password via Self Service Password Reset. Once you change your password, it may take up to three hours for it to synchronise across all RMIT systems.
- Set up your MFA by downloading the appropriate guide below and following all steps to complete the registration process. You can choose to register for MFA via the Microsoft Authenticator app OR SMS code.
Microsoft Authenticator app – available from your Play Store (Android devices) or App Store (Apple devices). RECOMMENDED for all smart phone users. Has a more secure set up and easier Yes/No verification.
SMS code –the only option for users who do not have a smart phone. A 6-digit pin must be entered to verify.
What is MFA?
Multi-factor Authentication (MFA) requires you to provide more than one form of verification to be granted access to RMIT systems.
This provides an extra layer of protection to your RMIT user login, by ensuring only legitimate users can access the University’s data and information.
MFA will be required by all staff and students when accessing Microsoft 365 (M365) applications including Outlook (RMIT's email platform), Teams, OneDrive, SharePoint and Yammer.
From May 2021, when you sign in to M365 applications, you will be required to provide two factors to identify you:
- A username and password
- A request (yes or no response) or a passcode sent to your mobile phone.
If you don’t have the correct login credentials (username and password) AND code (when prompted to enter it), you won’t be able to log in.
When will I need to verify my identity?
MFA won’t be required everytime you log in. It will be required when you:
- log in using a browser or device you haven’t used previously.
- log in from a country that is different from the country you last logged in from.
How is MFA being rolled out?
All students and staff will be notified via email when to register for MFA and will have two weeks’ notice to register and set MFA up on your account.
After the allocated two-week registration period, the use of MFA will be mandatory for students and staff who have been invited to register for MFA.
General MFA Questions
No, you cannot opt out of MFA on your RMIT account. MFA is required for all students and staff at RMIT to help mitigate against credential theft. If you do not configure MFA, you will not be able to log into your Microsoft programs including Outlook.
MFA is nowadays the most common way that people are authenticated to access information and protected online. As well as RMIT, organisations such as Gmail, Facebook, Twitter, banks and the myGov website are also advising you to use MFA to access information.
It depends on the preferred option you select during registration:
- To receive push notifications to the Microsoft Authenticator app, you must have mobile data or WiFi.
- To receive MFA codes by text or call, you must have a mobile service.
- To use the code generated by the Microsoft Authenticator app, you do not need any connection at all.
MFA will be triggered every 30 days, or anytime a risk is identified in your log in attempt to any M365 application. This includes:
- logging in to a device you have not logged onto before,
- logging into a browser you have not logged onto before,
- logging in from a country that is different to the country of your last login.
Questions about MFA and Personal Mobile Devices
Questions regarding MFA use when travelling