This page in Swedish

Frequently asked questions regarding MFA

Answers to the most frequently asked questions regarding MFA (multi-factor authentication).

MFA, multi-factor authentication, also called two-step verification, means you must use two different verification steps to sign in to your ORU account or access IT services like email, Teams, etc. After entering your username and password as the first step, you must perform a second step by either entering a six-digit security code that you received by text message (SMS) or giving your approval after receiving a notification in the Microsoft Authenticator app, depending on which notification method you have chosen.

Multi-factor identification prevents unauthorised persons – who have managed to obtain your password – from signing in to your account from an external device. If someone were to gain access to your password and use it, they would still not get access to your ORU account, IT services or applications since you must perform a second step yourself when signing in to your account from an external device. In addition, MFA is a requirement according to the regulations (2020:07) set out by MSB (Swedish Civil Contingencies Agency).

Unfortunately, several employees at the university have had their user accounts compromised, and unauthorised persons have obtained their passwords and managed to sign in. Most often, this is done through so-called phishing emails that are typically looking for bank details and sending emails from the compromised account to attract more people through phishing.

Örebro University has introduced multi-factor authentication (MFA) to prevent this. This means when accessing an IT function at Örebro University that requires a password and is entered by you or someone else, you will receive a notification on your phone, prompting your approval for sign-in.

Yes. MFA is being phased in for all users at Örebro University. After your organisational affiliation has been activated, signing in with MFA is required for all systems and services at the university. You will no longer have system access if you have not signed up for MFA.

Expect to need to authenticate when signing in at least once per day. Sometimes more often, depending on how you work, what systems you use, what kind of device you use to access those services, and how often you change your location, e.g. from your workplace to a classroom, to home or some other place.

If you have an ORU computer and are on campus, you will have fewer authentication requirements than if you work elsewhere.

In addition, Office apps require re-authentication with regularity, both on desktop and mobile devices.

IT Services is working to improve the user experience with as few authentication requests as necessary.

No, you can enable MFA wherever you are, as long as you have Internet access.

No. You only need to add your ORU account if you already have the Microsoft Authenticator app.

Yes. You can install Microsoft Authenticator on several devices, such as your work mobile, private mobile and tablet.

In fact, it is a good idea to have more than one device configured for MFA.

Installation instructions are found at

Sign in to and go to Security info. Select the Add sign-in method and follow the process for adding a sign-in. When done, delete the old method/app.

If you only have MFA verification set up via Microsoft Authenticator on one device, you must contact IT Services to reset your account to set up MFA again.

Configuring multiple methods on different devices, such as your ORU mobile and private mobile, is recommended to avoid this.

Yes, you can use a USB stick for your computer called Security key. Contact IT support to order one.