Introducing Multi-factor Authentication (MFA)
What is MFA?
MFA is an additional way of checking it's you when you log in to your NHSmail account.
Why is MFA being applied?
A single authentication method, such as an email address and password alone, is less secure. MFA is seen to be the industry standard in reducing security risks for systems requiring log-ins. With MFA, an attacker is much less likely to be able to access your account if your password is compromised.
Facts
- 99% of account compromise attacks can be blocked by MFA. (Source: Microsoft, 2022)
- One of the largest insurance companies in the US paid $40 million in a ransomware attack. (Source: Bloomberg, 2022)
- 2 in 5 UK businesses experienced a cyber attack between 2020 and 2021. (Source: Knights Lowe, 2021)
- MFA is present in our daily routines such as mobile bank access, social media log-ins, personal email accounts...
Myths
- MFA is not needed because my account has never been compromised.
- MFA is difficult to set up and use.
- The Microsoft Authenticator app will collect personal data.
- An internet connection is required to use the Microsoft Authenticator app.
How does MFA work?
Authentication via a mobile phone app (Microsoft Authenticator)
After logging in to NHSmail using your email address and password, you will be prompted to open the Microsoft Authenticator app on your phone (work or personal, it's up to you). A code will appear on your NHSmail login page and you will be required to enter this code into the Authenticator app. Once you have entered the code into the app, the NHSmail login page will refresh and let you in.
Authentication via SMS
After logging in to NHSmail using your email address and password, a 6-digit verification code will be sent to your configured phone number. You will be prompted to enter this verification code on the login screen. Once you have entered the code and selected 'Sign In', you will be authenticated and access will be granted.
What do I need to do?
- For most users, some basic one-off configuration of an app on your work phone is all that will be required to access your NHSmail account.
- If you are planning on using your personal mobile as a means of MFA, you will need to either install an app and then carry out some basic configuration to access your NHSmail account, or configure your phone number to receive a verification code via SMS.
N3i has set up a range of guides to support you through the transition to MFA.
Choose the statement below that is most appropriate to you: