What is multi-factor authentication?

Multi-factor authentication (MFA) is an electronic authentication method which requires you to log in using two different mechanisms. In UCT's case, this would mean using your UCT network password along with authenticating via an app on your smartphone (or a verification code sent to you via SMS).

Why is multi-factor authentication important?

Cybersecurity attacks are on the rise, and universities are a huge target, given the amount of personal and sensitive data they hold. With email and other online communication methods (e.g. Teams) being so critical in how we operate – especially during remote working and learning – MFA is essential to keep your UCT account, your data, and UCT's network safe.

Consider how banks require you to use MFA to access your account online and make payments. Just like your banking data or medical data is seen as private, sensitive, and requiring maximum protection, your work data – your UCT account, email, and other data – must also be considered sensitive, and needs similarly strong protection.

Our UCT passwords are already long. Will MFA really make our accounts safer?

Unfortunately, in today’s times, passwords alone may not be enough to secure user accounts. The rise in data breaches, along with poor password practices (such as reusing passwords), means that stronger security measures are needed.

Using a mobile phone as well as a password means that, to access your account and your data, a cybercriminal would need know your password and have physical access to your phone.

When the University of Surrey  implemented the same MFA platform we are using, there was a 76% reduction in compromised accounts.

Is MFA mandatory for UCT users?

Yes. UCT's Risk Management Executive Committee (RMEC) has supported the implementation of MFA as a necessary mechanism for enhancing the university's digital security.

As such, UCT’s information security policies require all individuals with UCT network accounts to make use of MFA.

For further information, please read the following policies on the ICTS website:

Can I opt out of MFA?

No. As explained earlier, MFA is mandatory for all UCT users.

Which services does MFA apply to?

At present, MFA applies to UCT email as well as other Microsoft 365 services and data used by staff – including Teams, OneDrive, and more. It also applies to ServiceNow, Mimecast, LinkedIn Learning, and the UCT VPN. It may later be expanded to many other UCT services.

Does the authenticator app use a lot of data?

No. Each time you authenticate, the app uses a few kilobytes of data  – a miniscule amount in comparison to almost every other app on your smartphone.

Once I set up the authenticator app, why do I have to set up my phone number as a backup option? Isn't the app enough?

It's not mandatory to set up your phone number as a secondary option, but we highly recommend it because if you ever experience unexpected issues with the app - e.g. you accidentally delete it - you will not be able to set it up again yourself as you will be asked to authenticate, which is obviously not possible. You will then need to contact the IT Helpdesk and verify your identity before the issue can be resolved. This might also cause additional inconvenience given that support is available only during office hours.

However, if you simply set up your phone number as a backup option, if you run into issues with the app, you will still receive an SMS verification, and you can then install and set up the app yourself without the inconvenience of the additional steps. Follow these instructions to set up SMS verification as a backup.

I have a feature phone – not a smartphone. Can I still use MFA?

Yes. Follow the instructions provided to set up MFA using SMS verification.

I do not have a cellular phone at all. Will I lose access to my UCT account?

No. Please contact the IT Helpdesk so that alternate arrangements  can be made for you.

The authenticator app does not work on my Huawei smartphone. What should I do?

If you use a Huawei phone that runs HarmonyOS rather than the Android operating system, please use SMS authentication for now. The authentication app method is not yet supported on HarmonyOS. Huawei phones released in 2021 or later may fall into this category.

What do I do if my phone is lost, stolen, or in for repairs?

Please contact the IT Helpdesk so that alternate arrangements can be made for you.

What do I do if I don't have signal and cannot get the verification SMS?

If you have a smartphone, we recommend installing the authenticator application as a backup option. This will allow you to still authenticate when connected to WiFi. 

If you cannot install the application, please contact the IT Helpdesk so that alternate arrangements can be made for you.

If I don’t have my phone on me, can I use another device to complete MFA authentication?

Yes, you can set up authentication on a second device, which you should keep with you when you don’t carry your phone. However, note that the second device must be a mobile device – such as a tablet or smart phone. You cannot use a laptop or desktop computer as your second device.

In addition, adding a second device works with the Microsoft Authenticator app only. You cannot set up a second device to use SMS verification.

Follow these instructions to set up MFA on a second device.

How come I can't access my UCT data on some applications anymore?

If you are using an application that uses legacy authentication protocols, you can no longer access your UCT data via these applications. Examples include accessing your UCT email via the Gmail app, Outlook 2010, or older versions of Apple mail. See a comprehensive list of applications below.

This is because the applications use outdated authentication protocols which put the UCT network and your UCT account at risk.

Read our MFA web article to find out how to resolve this issue.

Legacy protocols which are not compatible with MFA

The following platforms have been identified as incompatible with MFA:

  • Android (Google) Mail
  • Gmail (web)
  • Samsung Mail (some versions work, but there is no definitive list or way of checking. Most do not)
  • Office 2010 (service pack 2 version 14.0.7182.5000 or later supports app passwords)
  • iOS versions before 11
  • Outlook for Mac 2011 (will work with app passwords)
Who do I contact for assistance with MFA?