Knowledge Now logo

What is Multi-Factor Authentication (MFA)? 

Normally you use your email address and password to log into your NHSmail account. Multi-factor authentication (MFA) is an additional way of checking that it is really you when you log in to your account.

In addition to your email address and password, you will need to set up a second form of authentication, such as an authentication app on your mobile phone, text message or phone call. This second layer of security is designed to prevent anyone but you from accessing your account, even if they know your password.

Why is MFA important?

Cyberattacks on electronic health records and other systems pose a risk to residents privacy because hackers access sensitive information potentially causing harm to residents safety and care delivery. Hackers can have ransomware viruses to hold medical records or devices hostage, risking your access to vital tools and information.

The national roll out of Multi-Factor Authentication began on 19th August 2024 for users who were not MFA enabled.

The enablement began with a two-week MFA Registration Campaign from 19th August 2024 to 2nd September 2024, where affected users received a pop-up countdown notification asking them to register an authentication method whenever they login to their nhs.net account.

Users could self-enrol for MFA or snooze this notification so they can log in to their account allowing them to work.

 

How will the access change?

From 2nd September 2024, existing users who have not taken any action were moved into a specific group that has a stronger sign in policy.

Based on recent changes to the security landscape and after internal reviews of their effects, stronger measures must take place to ensure the safety of the NHS.net Connect environment.

 

Therefore, from 26th March 2025:

  • All users, including NHS managed social care users, who have not already enabled MFA, will lose access to all 365 services until MFA is applied.
  • Users will be prompted when they next log in to the Portal or Outlook Web/desktop Apps or any other 365 resource following the change date.
  • The NHS.net connect team will be communicating additional information in due course as part of this enforcement.
  • Further information about how to enable MFA is available on the NHS net connect support pages: Multi-Factor Authentication (MFA) – NHS net Connect Support

If you require any support in setting up MFA please contact us: nwicb.digitalsocialcare@nhs.net