How you log into Moodle and your other Edinburgh Napier digital systems is changing

We are introducing an extra level of security which will make you safer when logging into our digital platforms.

Every student will need to use Multi-Factor Authentication (MFA), a process where you are prompted during sign-in for an additional form of identification. You may already be using MFA outside of the University, for instance when you are making a payment using a banking app or logging into accounts on Facebook and Twitter.

 
 
Image of Student Ambassador with mobile phone

If we only ask for a password to authenticate a user, it leaves the University at risk of attack from cyber criminals. If the password is weak or has been exposed elsewhere, we don’t know if it is our user signing in with the username and password, or an attacker. 

When we require a second form of authentication, security is increased as this additional factor is not something that's easy for an attacker to obtain or duplicate. It helps protect our users and the University’s data.

MFA helps safeguard access to data and applications while maintaining simplicity when signing in. It provides additional security by requiring a second form of authentication and delivers strong authentication via a range of easy-to-use authentication methods.

 
 

When will Multi-Factor Authentication come into effect?

We will be switching on Multi-Factor Authentication on for all students during trimester one. 

To allow us to offer the best support, rather than switching it on for all students at once, we will be switching it on School by School.

Once it is nearly time for MFA to be switched on for your School, we will email you to let you know the date.

Once it is switched on MFA will be required whenever you access your University Microsoft 365 account (including your email, your calendar and Teams) and other online University systems such as Moodle, Library eResources, the Edinburgh Napier app and myFuture. 
 
 

Make sure you have a compatible authentication method set up

Once MFA is switched on for your School you will need to use it. 

To make sure this causes you the least disruption it’s important to check in advance that you have a compatible authentication method set up.

  • Go to: https://mysignins.microsoft.com/security-info 
  • If prompted, log in to your University Microsoft 365 account using your Edinburgh Napier email address and password.
  • The authentication methods you have set up will be listed.
  • If you have no authentication methods, or only ‘Security questions’, listed then please add either ‘Authenticator app’ or ‘Phone’.
  • Click Add Method.
  • Choose either ‘Authenticator app’ or ‘Phone’ from the drop-down menu and follow the on-screen instructions to register your sign-in method.
 
 

Frequently Asked Questions

What MFA compatible authentication method should I use?

You can use any of the MFA compatible authentication methods. We recommend using the Microsoft Authenticator app on an Android or iOS device as it is the most reliable, secure and convenient method.

What is the Microsoft Authenticator app?

The Microsoft Authenticator app allows enterprises and educational institutions around the world to perform MFA.

 

You can also use the Microsoft Authenticator app to secure other accounts, such as your Facebook and Twitter accounts.

 

You can download the app onto an Android or iOS device from the app store you normally use.

 

The University uses the Microsoft Authenticator app for MFA purposes only.  By installing the app and syncing your University account you are not providing us with any personal data or means through which to control your device.

 

You'll need to use the app each time you're asked to use MFA, so don't delete the app once MFA has been set up.

 

Find out more about using the Microsoft Authenticator app on the Microsoft website

I already have an authenticator app, but it isn’t the Microsoft one, can I use it?

Yes, as long as the app uses time-based one-time password (TOTP) then you can use it for MFA. 

However, push notifications, where you can simply click approve or deny are only available on the Microsoft Authenticator app. If you use a different app, you will need the app to generate a 6-digit verification code that can be entered in the sign-in interface.

The Microsoft Authenticator app is the only authenticator app supported by the University.
 

Why would I already have an MFA compatible authentication method set up?

When you registered for the Self-Service Password Reset (SSPR) service you will have registered an authentication method. All the SSPR authentication methods are compatible with MFA except for ‘Security questions’.

How do I check if I have an MFA compatible authentication method set up?

  • Go to: https://mysignins.microsoft.com/security-info 
  • If prompted, log in to your University Microsoft 365 account using your Edinburgh Napier email address and password.
  • The authentication methods you have set up will be listed.
  • If you have no authentication methods, or only ‘Security questions’, listed then please add either ‘Authenticator app’ or ‘Phone’.
  • Click Add Method.
  • Choose either ‘Authenticator app’ or ‘Phone’ from the drop-down menu and follow the on-screen instructions to register your sign-in method.
  • Where possible we recommend you use the Microsoft Authenticator app on an Android or iOS device.
  • You can add multiple authentication methods if you wish.
 

How do I set up an MFA compatible authentication method?

  • Go to: https://mysignins.microsoft.com/security-info
  • If prompted, log in to your University Microsoft 365 account using your Edinburgh Napier email address and password.
  • Click Add Method.
  • Choose either ‘Authenticator app’ or ‘Phone’ from the drop-down menu and follow the on-screen instructions to register your sign-in method.
  • Where possible we recommend you use the Microsoft Authenticator app on an Android or iOS device.
  • You can add multiple authentication methods if you wish.
  • The ‘Security questions’ option is not compatible with MFA so if this is an option you have selected make sure you have an additional method set up. 
 

Why is the ‘Security questions’ authentication method not compatible with MFA?

Microsoft do not allow the ‘Security questions’ to be used for MFA as they can be less secure than other authentication methods because some people might know the answers to your questions.

Why should I check that I have an MFA compatible authentication method set up before MFA is switched on?

When MFA is switched on it will come into effect immediately whenever you try to access your University Microsoft 365 account (including your email and calendar) and other online University systems such as Moodle, Library eResources, the Edinburgh Napier app and myFuture.

By making sure you have an MFA compatible authentication method set up in advance you will minimise the risk of any disruption to your access to your University account and online systems.
 

I don’t have a smart phone or an Android or iOS tablet, can I still set up MFA?

One of the MFA compatible authentication methods is text messaging, this can be used when you don’t have a smartphone. 

  • Go to: https://mysignins.microsoft.com/security-info 
  • If prompted, log in to your University Microsoft 365 account using your Edinburgh Napier email address and password.
  • Click Add Method.
  • Choose ‘Phone’ from the drop-down menu and follow the on-screen instructions.

If you do have a smartphone then we recommend using the Microsoft Authenticator app wherever possible as it is more reliable, secure and convenient. Also, the Microsoft Authenticator app does not rely on the strength of your phone signal like the text message authentication method does. 

 

I don’t have a mobile phone, can I still set up MFA?

Please contact the IS Service Desk who will be able to advise you.

I have tried to set up an MFA compatible authentication method, but I can’t, what should I do?

If you have been unable to set up an MFA compatible authentication method using the instructions above, then please contact the IS Service Desk

How do I change my MFA authentication method or device?

You can change your authentication method or device by going to https://mysignins.microsoft.com/security-info

If you have a new mobile device and don't have access to your old device, then you should contact the IS Service Desk to request for your authentication method to be reset.  This will enable you to set up your new device with an authentication method.  
 

I've lost my device; how do I change my MFA settings?

If you have lost your device, then you should contact the IS Service Desk to request for your authentication method to be reset.  

This will enable you to set up a new device with an authentication method.
 

I live in China, will setting up MFA be different for me?

You should still be able to set up MFA with either the ‘Phone’ or ‘Authenticator app’ authentication methods. 

The Microsoft Authenticator app is available on the Lenovo, Huawei and Samsung Galaxy app stores. Please see Microsoft’s advice:  Authenticator for Android in the public cloud in China
 

Can I choose not to use MFA?

No, all students will need to use MFA. It’s a really important step in strengthening our security. It helps protect you, other users and the University.

If you have circumstances that prevent you from using MFA, please contact the IS Service Desk
 

When is MFA being switched on?

MFA will be switched on by School. Once it is nearly time for MFA to be switched on for your School, we will email you to let you know the date.

Once MFA is switched on when will I be asked to use it?

MFA will be required whenever you access your University Microsoft 365 account (including your email and calendar) and other online University systems such as Moodle, Library eResources, the Edinburgh Napier app and myFuture. 

MFA will then learn where you access from and the web browser and device you use so that you will have to perform MFA less often.
 

MFA has been switched on for my School and I didn’t check in advance if I had an MFA compatible authentication method set up, what should I do?

When you log in to your account for the first time after MFA has been switched on you will be prompted to set up an MFA compatible authentication method if you do not have one.

  • we recommend choosing the Microsoft Authenticator app as it's secure and quick (it allows authentication with one tap rather than a 6-digit verification code).
  • if you prefer to use text message, choose I want to set up a different method and follow the process on-screen.

For a step-by-step guide please see the Microsoft website

 

Once MFA is switched on will I still be able to access my University emails on my device?

Once MFA is switched on you should use the Microsoft Outlook app to access your University email on your device. It’s compatible with, and available on all major operating systems. 

Other email apps are not supported by the University, and in some cases may not be compatible with MFA.

You can also access email through the Edinburgh Napier app, or through webmail
 

When I am on campus will I be asked to use MFA?

When you are on the University network or on the eduroam Wi-Fi on one of our campuses you will be asked to use MFA less frequently.

I have received an unexpected MFA verification notification, what should I do?

If you are getting unexpected MFA notifications, then you should contact the IS Service Desk and reset your password via the Self-Service Password Reset (SSPR) service immediately. 

This could be an indication that your account has been compromised.
 

How can I find out more about MFA?

You can find out more about MFA on the Microsoft website