Covid-19

We are currently not able to provide new or replacement physical authentication keys due to Covid-19. Instead you should use an authentication app, and ensure you have a recovery email set up. Please ensure you follow the instructions for these options.

Multi-factor authentication provides an extra layer of security when logging in to specific Lancaster IT services (e.g. LUSI Online).

It means as well as your username and password, you may also be asked to enter an additional one-time password (OTP) when you attempt to log in. Most major web companies, like Google, Microsoft, Facebook and Apple, use multi-factor authentication and recommend users turn it on. By using multi-factor authentication, you are helping the university to keep its IT systems and services safe, and by extension helping to enhance the security of your own data.

 Enable multi-factor authentication on your account

The most convenient way to use multi-factor authentication is by using an app on a mobile device to generate a one-time password. You can use a work or personal device if you wish.

If you don't have access to a mobile device, or if you don't want to use your mobile device to generate one-time passwords, you can request a physical authentication key.

As part of the process we also recommend setting up account recovery using a non-Lancaster email address as you will be able to access this even if you lose access to your authenticator app or physical authentication key.

 Enable multi-factor authentication now using an authentication app

To set up multi-factor authentication using an app, you'll need the mobile or tablet device you're going to install the authenticator app on (the "authentication device"), and access to another device (e.g. laptop, PC, tablet – the "main device").

The process is detailed in this video. Written instructions for the same process can be found beneath this.



  1. On your authentication device (e.g. mobile/tablet), open your device's App/Play store and download Microsoft Authenticator. Set aside this device for now – no need to open the app yet.

    If prompted, make sure you Allow access to your devices camera. This is required to scan a QR code later in the process, not for any other purpose.

    You can also use our other recommended apps, Sophos Authenticator or Google Authenticator, if you wish.

  2. On your main device (e.g. PC, laptop) go to WebLogin one-time password management in a new tab or window and, if prompted, log in using WebLogin.

    If you have accessed this page previously to register a different app, a key or an email address, you will be prompted to enter an OTP now. Please follow the login instructions on this page to do this.

    If you don't have access to another method for generating an OTP, see Lost access to multi-factor authentication app or key for further help.

  3. Select Add Authenticator.


  4. Select Mobile App Authenticator.

  5. On your authentication device, open Microsoft Authenticator.

  6. Click + or Add Account to add an account – if prompted with a message about Backups, select Continue.

  7. Select Work or school account.

  8. Using this device's camera, scan the QR code which is on the screen of your other device (or if using a mobile device you can click the QR code) – the app should now start generating 6-digit OTP codes on a loop.

  9. Back on the other device, select Next.

  10. In the OTP code box, enter the six-digit code displayed under Lancaster University in the Microsoft authenticator app on your mobile device – the app will continue to generate new codes, you can just close it at this point.

  11. Click Next.

  12. You will see a message OTP was correct! Click Next.
     
  13. Select Add Authenticator.
     
  14. Select Email Recovery.

  15. Enter your personal (non-Lancaster) email address and click Register Email Authenticator.

    Screenshopt of register email authenticator

  16. Click Validate your authenticator.

  17. Enter your personal (non-Lancaster) email address again into the OTP code box and click Next.

  18. Check your personal email inbox. You will now have an email containing a six digit code. Enter this code into the OTP code box and click Next.

  19. You will see a message OTP was correct. Click Next.
     

Your account is now set up. You will be able to log into services using the authentication app on your device (see instructions below) and if you lose this, you will be able to recover your account using your personal email address.


You can set up apps on multiple devices if you wish, then you'll be able to use any of them to generate one time passwords. Just follow these instructions from steps 3 to 13 again to do so.


 Enable multi-factor authentication now using a physical authentication key

You will need to have requested a key and collected it from the Learning Zone Support Desk before following this process. If this isn't convenient, you can instead set up multi-factor authentication using an app on your device. To do this, see the instructions above.

You can only use an authentication key issued by Lancaster University for this process; keys not registered to the university will not work.


  1. Go to WebLogin one-time password management in a new tab or window and, if prompted, log in using WebLogin.

    If you have accessed this page previously to register a different app, a key or an email address, you will be prompted to enter an OTP now. Please follow the login instructions on this page to do this.

    If you don't have access to another method for generating an OTP, see Lost access to multi-factor authentication app or key for further help.

  2.  Select Add Authenticator.
     
    Screenshot of manage one time password screen

  3. Select Physical Authenticator.

  4. Turn over your physical authentication key. There will be a number above a barcode. Enter this in the Serial box and select Register physical authenticator.

  5. Click Validate your authenticator.

  6. Turn your physical authentication key back over. Press the power button to the left of the screen. Enter the code displayed there in the One-Time Password box.

  7. Click Next to return to the Authenticator list.
     
  8.  Select Add Authenticator.
     
  9. Select Email Recovery.

  10. Enter your personal (non-Lancaster) email address and click Register Email Authenticator.

    Screenshopt of register email authenticator

  11. Click Validate your authenticator.

  12. Enter your personal (non-Lancaster) email address again into the OTP code box and click Next.

  13. Check your personal email inbox. You will now have an email containing a six digit code. Enter this code into the OTP code box and click Next.

  14. You will see a message OTP was correct. Click Next.

Your account is now set up. You will be able to log into services using your physical authentication key (see instructions below) and if you lose this, you will be able to recover your account using your personal email address.






 Log in to services using multi-factor authentication

The following steps apply to services which have multi-factor authentication enabled (e.g. LUSI Online).


  1. On the first screen of WebLogin, enter your username as normal and click Next.

  2. On the next screen, you will be prompted to enter a one-time password.
    Weblogin screens showing request for one time password

  3. Open Microsoft Authenticator (or your alternate app) on your mobile device, or press the power button on your physical authentication key.

  4. Copy the six-digit code displayed in to the one-time password box in WebLogin and click Next.
     
  5. On the next screen, enter your password as normal and click Login.
     

You should now be logged in and can use the service as you normally would.



Frequently asked questions

 What should I do if I lose my physical key or can't access the app I set up?
 Should I use my personal device to download the app?

If you have access to a work-provided mobile or tablet, you should use this to download the app.

If you don't have access to a work-provided device then you can choose to use your own device if you wish. By making this choice you are helping the university to keep its IT systems and services safe, and by extension helping to enhance the security of your own data.

After the app is set up, it doesn't use any data allowance on your phone, nor does it take up significant storage space. It can't access other parts of your operating system. All it does is provide a one-time password when you open it.

If you prefer not to use a personal device to download the app, you can instead request a physical authentication key.




 How secure/private are authenticator apps?

The recommended method of enabling multi-factor authentication is to use an authenticator app. This is more convenient for most people as you generally always have your phone with you, and more secure as you have to unlock your phone before being able to generate an OTP (unlike with a physical key where you only need to press a button).

Installing a recommended authenticator app (Microsoft, Google or Sophos) is unlikely to jeopardise the security of your personal data.

The apps only ask for minimal access to your device. For example, they may only ask for access to your camera to scan the QR code on screen and not for any other purpose.

As with any app, you should only install apps from a trusted App Store (for example, the Apple App Store or the Google Play Store).




 Do I need any extra security on my phone?

The advice for those using an authenticator app is no different from the standard advice that you should always apply to ensure your device is secure (e.g enabling encryption, using lock screen/biometric security). For more guidance, see Security of digital devices.




 Why do you recommend I use a personal email address for account recovery?

We recommend using a non-Lancaster email address as you will be able to access this even if you lose access to your authenticator app or physical authentication key. This will make recovery simpler.

Your personal email address is only used for the purposes of one-time password recovery; it will never be used for any other purpose without your explicit permission.

If you choose not to set up account recovery using a personal email, it will mean you have to visit the Learning Zone Support Desk to recover access rather than being able to do this remotely.




 What do I do if I get a new phone or tablet?

You will need to set up multi-factor authentication again on your new device. Follow the instructions below to do this.

 Enable multi-factor authentication now using an authentication app

To set up multi-factor authentication using an app, you'll need the mobile or tablet device you're going to install the authenticator app on (the "authentication device"), and access to another device (e.g. laptop, PC, tablet – the "main device").

The process is detailed in this video. Written instructions for the same process can be found beneath this.



  1. On your authentication device (e.g. mobile/tablet), open your device's App/Play store and download Microsoft Authenticator. Set aside this device for now – no need to open the app yet.

    If prompted, make sure you Allow access to your devices camera. This is required to scan a QR code later in the process, not for any other purpose.

    You can also use our other recommended apps, Sophos Authenticator or Google Authenticator, if you wish.

  2. On your main device (e.g. PC, laptop) go to WebLogin one-time password management in a new tab or window and, if prompted, log in using WebLogin.

    If you have accessed this page previously to register a different app, a key or an email address, you will be prompted to enter an OTP now. Please follow the login instructions on this page to do this.

    If you don't have access to another method for generating an OTP, see Lost access to multi-factor authentication app or key for further help.

  3. Select Add Authenticator.


  4. Select Mobile App Authenticator.

  5. On your authentication device, open Microsoft Authenticator.

  6. Click + or Add Account to add an account – if prompted with a message about Backups, select Continue.

  7. Select Work or school account.

  8. Using this device's camera, scan the QR code which is on the screen of your other device (or if using a mobile device you can click the QR code) – the app should now start generating 6-digit OTP codes on a loop.

  9. Back on the other device, select Next.

  10. In the OTP code box, enter the six-digit code displayed under Lancaster University in the Microsoft authenticator app on your mobile device – the app will continue to generate new codes, you can just close it at this point.

  11. Click Next.

  12. You will see a message OTP was correct! Click Next.
     
  13. Select Add Authenticator.
     
  14. Select Email Recovery.

  15. Enter your personal (non-Lancaster) email address and click Register Email Authenticator.

    Screenshopt of register email authenticator

  16. Click Validate your authenticator.

  17. Enter your personal (non-Lancaster) email address again into the OTP code box and click Next.

  18. Check your personal email inbox. You will now have an email containing a six digit code. Enter this code into the OTP code box and click Next.

  19. You will see a message OTP was correct. Click Next.
     

Your account is now set up. You will be able to log into services using the authentication app on your device (see instructions below) and if you lose this, you will be able to recover your account using your personal email address.


You can set up apps on multiple devices if you wish, then you'll be able to use any of them to generate one time passwords. Just follow these instructions from steps 3 to 13 again to do so.





 What should I do if I find a physical authentication key?

Please hand any physical authentication keys you find in at the Learning Zone Support Desk as soon as possible.