If you have arrived here because you have just registered your mobile phone number successfully then congratulations! You are ready to use Additional Verification and can simply access the resource you require as you have been instructed.
Additional Verification allows you to use your Single sign-on account to access resources that require an extra level of security. The system is similar to those used by many banks when you transfer money from your account online. Additional Verification is invoked by an application when it requires extra assurance that you really are you, perhaps because you are doing something that is of high sensitivity or high importance.
When you try to access something that is protected by this service you are taken to a page from where you can request a text (SMS) message containing a single-use code to be sent to your mobile phone. On receipt of it you enter this code into our Single sign-on system in a similar fashion to entering your SSO username and password. You are authenticated with higher assurance because the authentication depends on something only you have (your mobile phone) as well as something only you know (your password).
Each SMS code is valid for login for 15 minutes from issue (not from receipt). This means that if it has not arrived 15 minutes after you requested it, then it won't be valid and you'll need to restart the login process. This should be an extremely rare event.
Tto use Additional Verification you must have a mobile phone with a UK number and it must be able to receive text messages (sometimes known as SMS messages). We must have on record at least one contact email address for you.
If you are a virtual card holder, please ensure you have registered an email address with us. Unfortunately, if you didn't already have an email address registered with us, you will need to wait until the next day before you are then able to register for Additional Verification.
To register for Additional Verification, visit the registration page to register your mobile phone, where you will be asked for a few personal details to assure the system that you are really you.
Next you are asked for your mobile number and a code is sent to you which you must type into the registration page to prove that you have the mobile phone that receives text messages on the number you provided.
You'll be notified by email every time a mobile number is registered against your Single sign-on account. If you receive such a notification, and you haven't tried to register a new mobile number, please let us know without delay.
- The address bar in your browser should start with https://, not http://.
- You shouldn't ignore any certificate-related warnings from your web browser, instead consult your IT Staff or the OUCS Help Centre before proceeding further.
Checks completed, you simply access the service you require using the URL (web link) of that service and instructions as provided to you by the service owner. If you haven't already done a normal Single sign-on username and password login (perhaps like you would to a conventional weblearn site) you'll be asked to do that. Then you'll be taken to a screen that has a button Request new code that you can use to get a code sent to your phone and you must input that code when you receive it. It's as simple as that!
If you know you are going to be using this service in a place where you can't have a mobile phone switched on, or there is no reception, then you can request a code up to 15 minutes in advance and use it when you are ready (so long as it's within 15 minutes)
If you change your mobile number, either as a result of loss or for any other reason then you will need to register it the same way as you originally registered. The new number will overwrite the old one. You don't need to de-register the old number first.
There is currently no way to "wipe" a mobile number from your Single sign-on account. This is not a problem as once you know you have lost the phone you can quickly change your Single sign-on password and have your mobile provider disable the lost phone so it can't receive text messages to your number. Remember your phone is useless for Additional Verification in the wrong hands as the new "owner" won't know your username and password.
You should change your Single sign-on password just in case it is stored somehow on that phone - this particularly applies to smartphones that you might also be using to access your email.
While you are waiting for a replacement phone you will not be able to use resources that need Additional Verification unless you register a different mobile phone to use for that purpose. Alternatively, if your replacement phone keeps your lost phone's number then you can safely restart using Additional Verification once you are happy that you can receive text messages to your original number.
- Is your phone switched on with a healthy battery?
- Does your phone have reception? If not you can request a code up to 15 minutes before you'll need it.
- Was the correct mobile phone number displayed on the verification page after you requested a code i.e. was it yours?
- Does your phone have space available in its inbox for incoming messages? (try deleting some old text messages if not).