Search this website
What is Multi-Factor Authentication (MFA)?
Normally you use your email address and password to log into your NHSmail account. Multi-factor authentication (MFA) is an additional way of checking that it is really you when you log in to your account.
In addition to your email address and password, you will need to set up a second form of authentication, such as an authentication app on your mobile phone, text message or phone call. This second layer of security is designed to prevent anyone but you from accessing your account, even if they know your password.
Why is MFA important?
Cyberattacks on electronic health records and other systems pose a risk to residents privacy because hackers access sensitive information potentially causing harm to residents safety and care delivery. Hackers can have ransomware viruses to hold medical records or devices hostage, risking your access to vital tools and information.
The national roll out of Multi-Factor Authentication began on 19th August 2024 for users who were not MFA enabled.
The enablement began with a two-week MFA Registration Campaign from 19th August 2024 to 2nd September 2024, where affected users received a pop-up countdown notification asking them to register an authentication method whenever they login to their nhs.net account.
Users could self-enrol for MFA or snooze this notification so they can log in to their account allowing them to work.
How will the access change?
From 2nd September 2024, existing users who have not taken any action were moved into a specific group that has a stronger sign in policy.
Based on recent changes to the security landscape and after internal reviews of their effects, stronger measures must take place to ensure the safety of the NHS.net Connect environment.
Therefore, from 26th March 2025:
If you require any support in setting up MFA please contact us: nwicb.digitalsocialcare@nhs.net