Multi-factor authentication (MFA)

Multi-factor authentication (MFA) is required when logging in to most RMIT systems and applications. This increases our cyber security and further protects RMIT's systems.

MFA requires you to provide more than one form of verification to be granted access to a system or application. MFA on RMIT systems requires a user to provide two factors of verification – 1) an email address and password and 2) a unique number you will need to enter into the authenticator app or a passcode sent to your mobile phone.

Students and staff must register for MFA on their devices following the steps below or they will not be able to access the systems and applications that require MFA.

How to register for MFA – user guides

Download the appropriate PDF guide below and follow all steps to complete the MFA registration process. You can choose to register for MFA via the Microsoft Authenticator app OR SMS code.

  • Microsoft Authenticator app – available from your Play Store (Android devices) or App Store (Apple devices). This is RECOMMENDED for all smart phone users, as it is a more secure set up. The Microsoft Authenticator app provides additional information regarding the login attempt, including the location of the request.
  • SMS code –the only option for users who do not have a smart phone. A 6-digit pin must be entered to verify.

Frequently asked questions

Multi-factor Authentication (MFA) requires you to provide more than one form of verification to be granted access to a system or application. 

This provides an extra layer of protection by ensuring only legitimate users can access systems, data and information. 

MFA on RMIT systems requires a user to provide two factors of verification:

  1. An email address and password
  2. A request (yes or no response) or a passcode sent to your mobile phone.

If you don’t have the correct login credentials (email address and password) AND code (when prompted to enter it), you won’t be able to log in to the system or application.

MFA adds an extra layer of protection to keep your data and RMIT networks more secure. Even if a cyber scammer acquires your email address and password, it will be harder to gain access to your account without the additional identity factors required as part of MFA.

MFA is nowadays the most common way people are authenticated to access information and protected online. As well as RMIT, organisations such as Gmail, Facebook, Twitter, and banks are also advising you to use MFA to access information.

RMIT is in the process of changing its systems login processes so that all University systems will eventually require multi-factor authentication (MFA).

MFA is currently required by all students and staff when accessing the following RMIT systems and applications:

  • Microsoft 365 (M365) applications including Outlook Email (RMIT's email platform), Teams, OneDrive, SharePoint and Viva Engage
  • myDesktop

No, MFA won’t be required every time you log in. It will be required:

  • Every 30 days
  • If you log in using a device you have not logged on from before
  • If you log in using a browser you have not logged on from before 
  • If you log in from a country that is different to the country of your last login.

No. If you are accessing a system or appication that requires MFA, you will need to register to use MFA and subsequently log in using the MFA option you chose.

It depends on the preferred option you select during registration.

  • To receive push notifications to the Microsoft Authenticator app, you must have mobile data or WiFi
  • To receive MFA codes by text or call, you must have a mobile service
  • To use the code generated by the Microsoft Authenticator app, you do not need any connection at all.

If you phone is lost, stolen or broken and you can't use MFA, contact IT Connect for assistance.

You will need to recharge your battery before you can get the code.

Visit and log in with your RMIT account. Once logged in, you can change your MFA settings for mobile devices.

Yes, you can install the Microsoft Authenticator application on multiple mobile devices. Once configured, the devices will be displayed in the MFA configuration website. If you register your tablet and phone for MFA, it will show the same code on all your devices.

If you have an international mobile plan, the Microsoft Authenticator app will work. Otherwise, when you are prompted for MFA, click ‘Sign in another way’. From there, select 'Use a verification code from my mobile app'. You will then be prompted to enter a code. Open the Microsoft Authenticator app and enter the 6-digit code into your login screen.

Yes, the Microsoft Authenticator application can accommodate both your student and staff account, and both will be listed in the MFA application. You will need to register both accounts for set up by following the instructions in the 'How to register for MFA' section above.

The primary permission is access to the camera which is required to scan the QR code during registration. This permission can be revoked once registration is completed. For further information on all the permissions required, please see the Microsoft website.

No, the Microsoft Authenticator app does not track your location.

All personal data accessible on a mobile phone should be protected. In order to verify it is actually you using your mobile phone to get the MFA codes, a lock screen password is required.

Need help?