MFA authentication methods pros and cons

Notice: Set up more than one method of authentication

You are strongly recommended to set up more than one authentication method


MFA authentication methods and the pros and cons of each

Authentication Method Description Pros Cons
Microsoft Authenticator app The Microsoft Authenticator App is one version of an Authenticator App that can be used for multi-factor authentication.

Default choice for an authenticator app when setting up MFA at Oxford University

Once set up, can be used without mobile data or Wi-Fi access if you use a one-time passcode

Requires a smart phone

Alternative authenticator app It is not a mandatory requirement for the Microsoft Authenticator App to be used and alternative authenticator apps, such as Google Authenticator or Duo can be used for multi-factor authentication

If you already are using a different authenticator app, then you don’t have to install a new app

Requires a smart phone

Text message on a mobile phone A mobile device that is capable of receiving text messages can be used for multi-factor authentication.

Any mobile phone that can receive text messages can be used, it does not have to be a smart phone

Requires mobile phone connectivity

Authy authenticator app Authy is a free application which provides a secure way to protect your online accounts. There is no requirement for an administrative password to authorise the installation on a computer.

Authy can be used on both a mobile device and a desktop computer or laptop

Authy allows you to sync between your mobile and computer, if you have it set up on both, and allows online backup for recovery

Can be a long process to set up initially

Requires a phone number for the initial setup

Automated call on a phone A phone that is capable of receiving phone calls can be used for multi-factor authentication.

Any phone can be used, either mobile or landline

Requires mobile connectivity if using a mobile phone

In situations where a phone number is shared between multiple phones, the recorded phone message doesn’t indicate who is trying to login

App password 

App Passwords are required where you use apps or older devices that are incompatible with multi-factor authentication methods. An app password is a special password that you generate via your My Sign Ins which proves to the system that you have multi-factor authentication set-up. When accessing an older application, such as Outlook 2013, you need to use an app password in place of your Single Sign-On password.

If you are using devices or apps that are incompatible with MFA, then this is the only way to access your account once MFA has been deployed

The ability to create App Passwords is not enabled by default, so you must request that App Password to be enabled via the Service Desk, using IT Self-Service

Hardware token (Security key) A hardware token or security key is a dedicated physical device that you plug into your computer or laptop that is used to authenticate your account. Once set up, does not require any other devices or mobile data or internet connection

A hardware token must be purchased before it can be used to authenticate your account

You need to set up another authentication method before you can set up a Hardware token, so you will need a phone at initial set up


Get support

Local IT support provides your first line of on-the-spot help



Common requests and fault reports can be logged using self-service





The Central IT Service Desk is available 24x7 on +44 1865 6 12345

If you do not have access to your Single Sign-On, you can use this form to contact the Service Desk