Skip to main content Help with accessibility Skip to main navigation
Article number: 26503Last updated: 12-02-2024

NHSmail - MFA Instructions for New Users

Important Information

We have enabled Multi Factor Authentication (MFA) on your account.

You will now need to set this up on a mobile device/phone so that you can access you email account in future. Text messaging is often a familiar form of MFA, for further information access the guidance on how to set up text messaging for MFA

We also strongly recommend setting up a Further Device or Smart Card, so that you can access your emails should you not have access to your device, or it becomes lost.

Supplementary Guidance can be found below.

What is MFA?

MFA (sometimes also called 2FA) is an industry standard approach used to improve security, protect data, and reduce the risk of unauthorised access to it. It is a security method that requires the user to provide two or more methods to gain access to a resource such as an application, or online account.

You are likely already using MFA for accessing online accounts, such as banking, when after typing in your password, you are sent a code to your mobile phone that you then key in as an additional form of security. Text message is one form of MFA, but there are several other methods that can be used including, a phone call and an authenticator app on a mobile device or phone.

Why is MFA important to the NHS?

It is an additional way of checking it is really you when you login to your account. It helps protect the organisation’s reputation, keeps NHS / Patient / your data in a more protected environment, provides increased protection against cyber-attacks, and helps you gain access to your account if you forget your password.

How to set up MFA?

One of the most familiar forms of MFA to use is a text message. Users may wish to choose this option when setting up MFA for further information access the guidance on how to set up text messaging for MFA. Alternatively, the Getting Started with MFA guide can be used to set up other forms of MFA.

Once MFA has been set up, we would also recommend setting up an additional form of MFA on another device or set up a smart card (instructions below) where possible, so that users can still access their account should they not have immediate access to their usual device, or it is lost or stolen. This gives users the option of using either device to verify their log in attempt. Access the guidance for setting up further devices.

Please note that the information you provide is stored separate to NHSmail. It will not be visible to any other users and will not appear on the NHSmail address book. Personal devices can therefore be used.

Setting up a Smart Card

In addition, once MFA has been set up, users will also be able to set up a smart card as a form of authentication when using the online NHSmail portal only. Users who set up their smart card and pin can use this to log in and will not need to enter their password or use MFA.

Access the Overview of Smart Card usage with NHSmail.

Further information 

For further information, please see the MFA guidance on the NHSmail support site. 

Quick Reference Guidance Summary

Set Up MFA with Text Messages

Set up a smart card and PIN with NHSmail

Getting Started with MFA guide

Smart Card Usage with NHSmail Overview

Add an Additional form of MFA

NHSmail MFA Complete User Guidance

Setup MFA Guide