Multi-Factor Authentication

Setting up Multi-Factor Authentication

You need to register at least one authentication method, we recommend the Microsoft app.

  • Download the Microsoft Authenticator App to your mobile phone or register for SMS.

For iPhones at
or Android at

Alternatively, you can register your mobile phone number at to receive text codes.

  • Prompts after Multi-Factor Authentication has been enabled on your account.

You will be prompted to set up MFA next time you authenticate to any Office 365 services.

On your PC or laptop device, once you’ve entered your username and password as usual, you’ll see a "More Information Required" screen, click ‘Next’ and the "Additional security verification" screen will appear. In the drop-down box, select ‘Mobile App’ and ‘Receive notifications for verification’. Now click ‘Set up’ and scan the QR code on the Configure Mobile app screen.

On your mobile phone, start the Microsoft Authenticator App. Once in the App, click on the 3 dots in the top right-hand corner of the screen; Click ‘Add account’, Select ‘Work or school account’; Select ‘Scan a QR code’; Allow any permissions for your app to use the phone camera; Scan the QR code on your screen using your phone. The account is now linked to your App.

On your PC, click ‘Next’ and you should see a message indicating that the App has been set up. You can click Next again – at this point you will be asked to respond to a pop-up notification on your phone from the Authenticator App – this is how you will be prompted every time you access your account on an unknown device.

Once the setup is complete, you’ll be prompted to enter a phone number. Please provide this: it will help if, for some reason, you lose access through the App. The phone number will not be used for marketing purposes.

Click ‘Finish’.  Your account is secured with Microsoft Multi-Factor Authentication. Nobody can access your HWU account without being in possession of your username, password, and – most importantly – your unlocked mobile phone.

To check your current settings or to make any changes, go to


What is MFA and why do I need it? 

Multi-factor authentication is a secure additional login process. It protects you and Heriot-Watt University from unauthorised access to your account, which may occur if you only use a username and password.  You will receive a code to enter for authentication to use along with your username and password.  

What do I do if I damage, change or lose my phone?

Please contact for us to update your account details.

Why do I have to use my own device for MFA? 

Using you own personal device is the most secure way to use MFA as only you have access to the device, and it is protected by a passcode. 

Is Multi Factor Authentication mandatory for all accounts? 

Yes, it is essential to ensure HWU systems can be accessed securely 

What do I do if I don’t have a smart phone and cannot use the Authenticator App? 

You can select to use ‘TEXT ‘message. You will receive a code to enter for authentication to use along with your username and password 

What do I do if I don’t have a mobile phone or device? 

Please contact or call 0131 451 4045 for further information 

Does MFA access or save any details from my device? 

No its just a way to receive the authentication code required in addition to your username and password to authenticate 

What do I do if I’m abroad and need to access HWU systems? 

Please connect your device to the Wi-Fi service to use the authenticator APP 

Why can I not login to email on my iPhone and iPad?

Please delete your account in mail settings and reinstall it as an Exchange account.

Please email with any queries regarding MFA.