If you’re planning on leaving the country or if you are travelling to Oxford from abroad then you may need to take steps to ensure that your multi-factor authentication (MFA) will work properly after your journey. To make sure your work won’t be disrupted while you are travelling you should check whether your MFA method is dependent on phone or internet signal and make other arrangements if necessary.
Before you travel
To check which MFA methods are associated with your account, go to My Sign Ins and log in with your Oxford Single Sign-On (SSO) and complete your MFA. From there you will be able to add backup methods, remove methods you no longer use and select your default way to sign in with MFA - please see the Managing your MFA setup page for detailed instructions for how to do these.
To make sure you don’t lose access to your SSO account after making your journey, you will need to make sure you have at least one way of getting into your account that doesn’t rely on phone signal. Once you have arrived you can log into My Sign Ins and add any further methods you’d like to use such as a local mobile or landline phone. The main methods of authenticating your sign in without phone signal or internet connection are authenticator apps and hardware tokens.
Authenticator apps can create time-based one-time passwords (TOTPs) that you can use to verify your account without needing access to the internet or a mobile network. Once you have set up your app you can use a six-digit code to log in without incurring any charges for using your phone abroad.
Authy is an authenticator app that can be installed on your desktop computer in addition to mobile phones. If you will be accessing Oxford services solely from a personal computer while you are away, then Authy is one of the most convenient MFA options. Having Authy installed on your computer means that you can guarantee you can always access your SSO account from your computer even if your phone is missing or broken.
Setting up Authy for the first time requires a phone number, but you are not required to use a UK number and will not have to use the phone again once setup is complete. Once you have set up your first installation of Authy, then you can set up backups by using a code generated by your original Authy app. To download and set up Authy, please see our Setting up Authy guide.
The Microsoft Authenticator app can be used for two different types of MFA: notifications sent to your phone or time-based passwords. If you use the time-based password option then Microsoft Authenticator won’t use the phone network or internet on your phone. Notification MFA does require phone or internet signal to work, so you may not wish to use this option unless you have a local SIM card and data plan.
When adding Microsoft Authenticator as an MFA method in My Sign Ins it will be automatically set up to use notifications, so make sure that you have a WiFi connection if you do not want to use your phone’s data. Once you have finished setting up the app you should check that your preferred MFA method is set as the default sign-in option within the 'Security Info' section of My Sign Ins.
For more information on Microsoft Authenticator set up instructions please see our MFA Setting up verification via the mobile app
Hardware tokens or security keys are portable physical devices that you plug into your computer, replacing both your password and your MFA. The university supports the use of FIDO2 tokens and recommends Yubikeys. Hardware tokens need to be purchased and are supported by your local IT department. While you need at least one MFA method on your account to use a hardware token, once you’ve set it up it doesn’t require any kind of network connection to work. The drawback of security keys are that some models are not compatible with particular devices, especially Apple products. Before purchasing a hardware token always make sure that the model is compatible with the devices you use the most.
For more information about purchasing and setting up hardware tokens, please see the MFA: Hardware tokens page.