Cybersecurity @Melbourne

Information and support for University Staff and Students

The things that make the University of Melbourne such an attractive place to study and work also make us a target for cybercrime. Our world-leading research, valuable intellectual property and the many personal and financial details the University holds make both individuals and the institution vulnerable to the impacts of cyberthreats.

Our Approach to Cybersecurity

The University is working to continuously evolve our cybersecurity capabilities to prevent, detect, disrupt and respond to existing and emerging cyberthreats. As a key centre for innovation within our community, the University pushes the boundaries of conventional use of technology but we do so with a focus on protecting our systems and information.

A cybersecure University of Melbourne is one where we’ve reduced our vulnerability to cyberthreats while balancing our need for openness, autonomy and collaboration. A risk-based approach to cybersecurity means we can better meet these needs while still managing our exposure to cybersecurity risk.

Student Cybersecurity quiz competition

Win one of two AirPods Pro by taking the Cybersecurity quiz below!

To enter:

1. Take the following Cybersecurity quiz or you can copy and paste the following link in your preferred browser: https://go.unimelb.edu.au/w6xe

Competition runs 16 May 2022 - 26 May 2022

Terms and Conditions

Schedule to the terms

1. Competition	Cybersecurity Quiz for Students
2. University	The University of Melbourne [ABN 84 002 705 224], of Parkville, Victoria 3010, Australia
3. Competition website (clause 1)	https://www.unimelb.edu.au/cybersecurity/home/about/
4. Time Zone	Victoria, Australia
5. Competition Period (clause 4)	Competition Period commences: 9:00am on Monday 16 May 2022
5. Competition Period (clause 4)	Competition Period ends: 11:59pm on Thursday 26 May 2022
6. Entry Restrictions (clause 5)	Eligibility: entry is only open to individuals who, during the Competition Period, are current students of The University of Melbourne. Ineligibility: employees of The University of Melbourne are not eligible to enter this Competition.
7. Entry Method (clause 6)	To enter the Competition, entrants must: take the Cybersecurity quiz that will be provided. Each entrant may only enter the Competition once.
Maximum Number of Entries (clause 7)	There is no limit to the number of times that each entrant may enter the Competition.
Use of Personal Information(clause 9(d)	No additional purposes.
Privacy Laws (clause 9)	Privacy and Data Protection Act 2014 (Vic)
11. Privacy Policy (clause 9)	https://policy.unimelb.edu.au/MPF1104
12. Privacy Contact Details (clause 9)	The University of Melbourne Department: Legal and Risk, University Services Name: Privacy and Data Protection Officer Telephone number: 13 63 52 Email address: privacy-officer@unimelb.edu.au
13. Content (clause 10)	Any materials submitted by an entrant via the Competition including but not limited to videos, photos, responses, written material, presentations, comments, recordings, images, and prototypes.
14. Use of Competition Entry (clause 11(b))	In addition to clause 11, each entrant licenses and grants the University and its affiliates a non-exclusive, fee-free, royalty-free, perpetual, world-wide, irrevocable and sub-licensable right to use, reproduce modify, adapt, publish and display their entry (including Content): for all the University’s ongoing promotional activities (such as regramming, advertising, marketing material, media releases, printed material, use on the University’s website and social media channels), and includes promotional purposes not related to this Competition;
15. Judging Details (clause 14)	GAME OF CHANCE This is a game of chance. The Winner will be determined by a randomly selected prize draw. The prize draw will take place on Friday 27 May 2022 at The University of Melbourne, Victoria 3010.
16. Winner(s) (clause 14)	Two Competition Winners
17. Prize (clause 15)	2 x Apple AirPods Pro headphones of equal value (AU$399)
18. Winner(s) Notification (clause 16)	Each Winner will be contacted in writing via their submitted contact details on 30 May 2022.
19. Claim Prize (clause 17)	Each Winner must contact the University by 3 June 2022 and: confirm their mailing address to receive the Prize; or collect the Prize in person by presenting proof of identity at an agreed time and location.
20. Replacement Winner(s) (if required) (clause 18)	The re-selection of the Winner(s) (if required) will take place in accordance with the same Judging Details as specified in item 15 of the Schedule on 14 June 2022.
21. Replacement Winner(s) Notification (if required) (clause 18)	Any Replacement Winner(s) will be contacted via their submitted contact details by 17 June 2022.
22. Replacement Winner(s) Claim Prize (if required) (clause 18)	Any Replacement Winner(s) must contact the University in accordance with the same Claim Prize requirements as specified in item 19 of the Schedule by 1 July, 2022.

General Terms
ENTRANTS
1. By entering the Competition, you agree to be bound by the Terms of the Competition. The Terms governing the Competition include these General Terms, the Schedule to these Terms and any instructions relating to the Competition on the Competition Website. Only entries that comply with the Terms will be considered valid entries to this Competition.
2. Any capitalised terms used in these General Terms have the meaning given in the Schedule, unless stated otherwise. In the event of any inconsistency between the Schedule to the Terms (Schedule) and these General Terms, the Schedule will take precedence.
3. Time Zone. All times and dates in the Terms refer to the Time Zone in operation at the time of the Competition.
4. Competition Period. The Competition will be conducted during the Competition Period. The University is not responsible for any entry that is not received by the University during the Competition Period, for whatever reason. Incomplete or indecipherable entries will not be accepted.
5. Entry Restrictions. Eligibility to enter the Competition is subject to the Entry Restrictions. If entrants under the age of 18 are eligible to enter this Competition, they must have the consent of their parent or guardian to enter the Competition.
6. Entry Method. To enter the Competition, entrants must enter the Competition in accordance with the Entry Method (and any other entry details provided by the University on the Competition Website) during the Competition Period. If entrants are required to enter the Competition via a social media platform, each entrant must have an applicable social media account set to public during the Competition Period and must comply with the relevant social media terms and conditions.
7. Maximum Number of Entries. Entrants can enter the Competition up to the Maximum Number of Entries. Entries must be submitted separately and entry must individually meet the requirements in the Schedule and are subject to the Entry Restrictions.
8. Each entrant is responsible for their own travel and other costs associated with entering the Competition.
9. Use of Personal Information. By entering this Competition each entrant agrees that:
(a)   the University may use their name and contact details for the purpose of conducting the Competition, including complying with its relevant regulatory obligations;
(b)   the University may publish the Winner’s name in compliance with its regulatory obligations in conducting this Competition;
(c)   at the University’s request, the Winner will take part in the University promotional activities which may include their name and image published in the University’s promotional materials (such as the University’s website, marketing materials, advertising, printed materials and social media channels) and for ongoing promotional activities not related to this Competition; and
(d)   the University may use their personal information for the additional purposes identified in Use of Personal Information (item 9 of the Schedule).
Privacy Laws and Privacy Policy. Under Privacy Laws, ‘personal information’ means any recorded information or opinions (whether true or not) that identify an individual or allow an individual to be identified. The University is committed to protecting personal information provided by you in accordance with Privacy Laws. The University has a comprehensive privacy policy addressing issues relating to the use, collection, security and access to personal information available at the Privacy Policy. All information collected by the University is governed by the Privacy Policy. For further information about how the University deals with personal information, please refer to the Privacy Policy or contact the University’s Privacy Officer at privacy-officer@unimelb.edu.au.
Privacy Contact Details. You may access any personal information you have provided by contacting the University staff member identified in the Privacy Contact Details.
1. Content. Entrants agree that they are fully responsible for any Content. The University is not liable in any way for such Content to the full extent permitted by law and may remove or decline to publish any Content without notice for any reason whatsoever. Entrants warrant and agree that:
  (a)   they will not submit any Content that is unlawful or fraudulent, or that the University may deem in breach of any intellectual property, privacy, publicity or other rights, defamatory, obscene, derogatory, pornographic, sexually inappropriate, violent, abusive, harassing, threatening, objectionable with respect to race, religion, origin or gender, not suitable for children under 14, or otherwise unsuitable for publication;
  (b)   their Content shall not contain viruses or cause injury or harm to any person or entity;
  (c)   they will obtain prior consent from any person who, or from the owner(s) of any property that, appears in their Content;
  (d)   the Content is the original work of the entrant that does not infringe the rights of any third party or otherwise they will obtain full prior consent from any person who has jointly created or has any rights in the Content to the uses contemplated by these Terms, and the Content does not infringe the rights of any third party;
  (e)   they consent to any use of the Content which may otherwise infringe the Content creator’s/creators’ moral rights pursuant to the Copyright Act 1968 (Cth) and warrant that they have the full authority to grant these rights; and
  (f)    they will comply with all applicable laws and regulations, including without limitation, those governing copyright, content, defamation, privacy, publicity and the access or use of others' computer or communication systems.
  Without limiting any other terms herein, the entrant agrees to indemnify the University for any breach of the above terms.
2. Use of Competition Entry. As a condition of entering this Competition, each entrant licenses and grants the University and its affiliates a non-exclusive, fee-free, royalty-free, perpetual, world-wide, irrevocable and sub-licensable right to use their entry (including Content) for:
  (a) the purposes of conducting and promoting the Competition; and
  (b) the additional purposes identified in Use of Competition Entry (item 14 of the Schedule).
  The University will not enter into commercial arrangements or directly profit from the licence.
3. If this Competition is interfered with in any way or is not capable of being conducted as reasonably anticipated due to any reason beyond the reasonable control of the University, including but not limited to technical difficulties, unauthorised intervention or fraud, the University reserves the right, in its sole discretion, to the fullest extent permitted by law:
  (a) to disqualify any entrant; or
  (b) to modify, suspend, terminate or cancel the Competition, as the University deems appropriate.
4. Except for any liability that cannot by law be excluded, including any statutory consumer guarantees provided under the consumer protection laws of Australia, the University (including its respective officers, employees and agents) excludes all liability (including negligence) for any personal injury, or any loss or damage (including loss of opportunity), whether direct, indirect, special or consequential, arising in any way out of the Competition.
  WINNER
5. Judging Details and Winner. The Winner will be determined from the valid Competition entries received by the University in accordance with the Judging Details.
6. Prize. The Prize will be awarded as specified in the Schedule. The Prize values are the recommended retail value as provided by the relevant supplier, are in Australian dollars, are correct as at the time of the commencement of the Competition Period and are inclusive of all taxes. If the Prize is in the form of a gift voucher the Winner must comply with the gift voucher’s terms and conditions. The Winner must claim the Prize in accordance with Claim Prize. Please allow at least 28 days from the date of notification for the delivery of the Prize. Transport to claim the prize is not part of the prize and is the sole responsibility of the Winner. The Prize cannot be exchanged or redeemed for other goods, services, cash or credit. If, for some reason the Prize is unavailable, the University reserves the right to substitute the Prize for a prize of equal or greater value.
7. Winner Notification. The Winner will be notified in accordance with Winner Notification. The Winner may also be announced in accordance with clause 9(b) above.
8. Claim Prize. If the Winner does not comply with these Terms and/or does not claim the Prize in accordance with Claim Prize, the University reserves the right to select a replacement winner from the remaining valid entries in accordance with clause 14 above.
9. Replacement Winner. If a winner re-selection is required, the selection of the replacement winner will be conducted by the University in accordance with Replacement Winner. The Replacement Winner will be notified in accordance with Replacement Winner Notification. The Replacement Winner may also be announced in accordance with clause 9(b) above. The Replacement Winner must claim the Prize in accordance with Replacement Winner Claim Prize.
10. The entrants are not agents of The University of Melbourne and must not convey that impression to anyone.
11. The result of the Competition is final and no correspondence will be entered into.

Multifactor Authentication (MFA)

Multifactor Authentication (MFA) is an additional security step to verify your identity when you login to key University applications. This extra layer of security protects your user account from unauthorised access.

How Multifactor Authentication works

3 step image demonstrating MFA verification on a mobile device

When you'll be prompted to verify
MFA may prompt you at any time to confirm it’s really you logging in:
- The first time you login to a browser that you have not logged into before
- The first time you access your applications from a device that you have not logged into before
- Any time you login from a country that is different to the country of your last login
Security benefits of MFA
MFA helps protect accounts by adding an additional verification step to confirm the identity of users so that even if a cyber-criminal knows an individual’s password, the added layer will stop them accessing user accounts and key information such as:
- Your name
- Your address
- Bank Details
- Medical Records
- Your work and files

Your MFA options

	Okta Verify app (Primary factor for staff and students)	Google Authenticator app (Recommended backup factor)
What's required?	Okta Verify app downloaded to smartphone or tablet	Google Authenticator app downloaded to smartphone or tablet
How it works	User accepts a push notification sent in the app or User types in a six-digit verification code generated by the app when offline	User types in a six-digit verification code generated by the app
Supports push notifications	Yes	No
Minimum Mobile device requirements	Yes - iOS 13.0 compatible device - Android version 7.0+ - Windows Phone version 8.0+	Yes - Android version 2.3.3+ - iOS version 7.0+
Available offline	Yes	Yes
Works with VPN	Yes	Yes
Can be installed on more than one smart device	No	Yes The University recommends using Google Authenticator as a backup factor

Ready to Enrol?

Visit the Enrolling for MFA page using the button below to quickly and easily enrol your smartphone for MFA.

Visit the Enrolling for MFA page

Lightbulb icon prompting users to think ahead when considering MFA

Airplane icon prompting users to enrol in advance of travelling overseas

Smartphone icon prompting users to set up a backup authentication factor

Staff Support

Chat with a Service Centre agent

+61 3 834 40888
(7:30am - 7:30pm weekdays)

Staff Cybersecurity Website

Student Support

Chat with Stop 1

13 Melb (13 6352)
(Within Australia)

+61 3 9035 5511
(Outside Australia)

Visit Stop 1

Enrolling for MFA

Here you will find out how to quickly and easily enrol for Multifactor Authentication.

At the University of Melbourne, your online security is important to us. To help protect your information we use multifactor authentication (MFA), which requires both a password and secondary means (factor) to verify your identity, in order to login to University applications. Please refer to the information below to set up multi-factor authentication (MFA) on your smartphone.

Why is Multifactor Authentication important?

Image showing Student, Staff and Academic avatars.

You will need:

Internet access on a web browser.
A compatible smartphone with data connection.
Compatible Smartphone or Tablet Operating Systems
- iOS 13.0 compatible device
- Android version 7.0+
- Windows Phone version 8.0+

Enrol for MFA

MFA Enrolment Quick Reference Guides

For more information on Multifactor Authentication, please select any of the previews or links below to download a useful visual step-by-step guide:

Getting Started with MFA	How to Enrol for MFA	How to Login after Enrolment	How to Reset your Okta Enrolment
How to Setup Google Authenticator	How to use MFA Overseas	How to Login to Microsoft Apps	How to Enrol for MFA in China

MFA Enrolment Video Guides

Apple Devices

Android Devices

First Time Log In

MFA Support

Have a question or need help?

Visit the MFA Support & FAQ page for frequently asked questions and additional support:

Visit the MFA Support & FAQ page

Lightbulb icon prompting users to think ahead when considering MFA

Airplane icon prompting users to enrol in advance of travelling overseas

Smartphone icon prompting users to set up a backup authentication factor

Staff Support

Chat with a Service Centre agent

+61 3 834 40888
(7:30am - 7:30pm weekdays)

Staff Cybersecurity Website

Student Support

Chat with Stop 1

13 Melb (13 6352)
(Within Australia)

+61 3 9035 5511
(Outside Australia)

Visit Stop 1

MFA Support & FAQ

Enrolling for MFA - Frequently Asked Questions

What is the Okta Verify App?
A lightweight and secure smartphone application
The Okta Verify app is a lightweight application used to confirm a user’s identity on their smartphone when signing into a key University of Melbourne application. The app is developed by Okta, the University of Melbourne’s technology partner for multifactor authentication (MFA).
Okta Verify provides an additional security step to verify your identity when you login to key University applications. This extra layer of security protects your user account from unauthorised access.
Setting up Okta Verify
The Okta Verify app needs to be downloaded and set up on a compatible smartphone by following a guided process. Once the setup process has completed, the Okta Verify app will display a rolling 6-digit code on your smartphone. At this point you can simply close the app. The use of this code is explained in the next section. You will also receive two emails from Okta confirming your successful enrolment.
Two ways to verify your identity
1. Push Notification: When prompted to verify, simply select ‘Yes, it’s me’ on your enrolled smartphone. This requires internet access.
2. 6-digit code: Sign into a University application in the normal way and select the ‘or enter code’ option on the Okta Verify prompt screen. Now, open the Okta Verify app on your enrolled device and type the 6-digit code provided into the Okta prompt screen on your web browser, then select ‘Verify’.
The 6-digit code is generated using the industry standard Time-Based One-Time Password Algorithm and is used to authenticate when internet access is unavailable.
Privacy
Okta Verify has passed all required vetting both by the App Store and the University. Okta Verify does not store any personal information – it only requires permission to use your device camera to scan a QR code to register your device with Okta.
For more information, please read the Privacy Collection Notice.
Where can I download the Okta Verify app?

You can download Okta Verify to your smartphone by visiting the Google store (Android), Apple store (iPhone) and the Microsoft store (Windows).
Once you have installed the app on your smartphone, please watch our device enrolment video guides or visit the Enrolling for MFA page to complete MFA enrolment.
My smartphone can’t run the Okta Verify app.

If you do not own a compatible smartphone, please contact the Service Centre (Staff) and 13MELB (Students) for assistance.
I don’t have a smartphone.

If you do not own a smartphone, please contact the Service Centre (Staff) and 13MELB (Students) for assistance.
I don’t want to download the Okta Verify app on my smartphone.
I am concerned about my privacy:
- The Okta Verify App has passed through the App Store and University vetting processes.
- The University has no access to the app on your phone and cannot view any of the data on your phone, other apps installed, monitor calls or track your location
- The app requires internet for push notifications but can also operate offline via the rolling 6-digit code that updates every 30 seconds
- The app does not require you to link it to a particular phone number
I am concerned about using my personal smartphone:
- The University encourages all staff and students to use their personal device to verify their identity
- Providing a University-issued device to each user is not possible due to the high cost
- The security provided by MFA greatly enhances the protection of not just University information but also your personal information
- The use of MFA is a requirement for ongoing access to University services
I am concerned about the performance impact on my smartphone:
- The app uses minimal resources on your smartphone and prompts you only when Okta needs you to verify your current log in
My location blocks access to the Google Play store. What should I do?
You can manually download and install Okta Verify on your Android smartphone by following these steps:
1. On your preferred web browser, go to sso.unimelb.edu.au and login with your University username and password.
2. Select the Setup button for Okta Verify in the 'Setup Multifactor Authentication' area. Then select your device type.
3. Manually download and install Okta Verify to your smartphone.
  Download link: https://uom-share.oss-cn-hangzhou.aliyuncs.com/OktaVerify-6.1.1.apk
4. On the Setup Okta Verify screen on your web browser, select the 'Can't Scan?' option. Then, from the dropdown menu, select 'Setup manually without push notification'.
5. Open the Okta Verify application on your Android device and select Add Account. Then select the 'No Barcode?' option at the bottom of the screen.
6. Enter your username and the Secret Key displayed on your web browser. Then select Add Account.
7. Select Next on your web browser, then enter the 6-digit code associated with your University account displayed on the Okta Verify application on your Android mobile device. Then select Verify.
8. Congratulations! Your account is now registered with Okta Verify. You can now authenticate via the 6-digit codes generated on the Okta Verify application on your Android smartphone.
Can I use Okta Verify on more than one device?

Okta Verify app can only be enroled on one device, however The University recommends using Google Authenticator as a backup authentication factor.
Google Authenticator can be installed on multiple devices.
What are the minimum requirements for installing Okta Verify on my smartphone?
Check that your smartphone meets the following requirements:
- iOS 13.0 compatible device
- Android version 7.0+
- Windows Phone version 8.0+
If you continue to have difficulties, please contact the Service Centre and 13MELB (Students) for assistance.
When will I be prompted by Okta Verify
You will be prompted by Okta Verify in the following scenarios:
- The first time you login from a browser that you have not logged into before
- The first time you access your applications from a computer that you have not logged into before
- Any time you login from a country that is different to the country of your last login
If you receive a notification for activity that you don’t recognise, you should contact the Service Centre (Staff) or 13MELB (Students) immediately.
How can I authenticate using Okta Verify?
- Push Notification –You will be required to verify your identity by accepting ‘Yes, it’s me’ prompt on your smartphone.
- 6 digit code (Offline mode) – Alternatively, you have an option to enter the 6 digit code to verify your identity.
If you require any further assistance, please contact the Service Centre (Staff) and 13MELB (Students).
Do I need to keep the Okta Verify app on my smartphone, once I have enrolled for MFA?

Yes. In order receive push notifications to confirm your identity, you need to have the app installed on your smartphone. If you have accidentally deleted the Okta Verify app, please contact the Service Centre (Staff) and 13MELB (Students).

Using MFA - Frequently Asked Questions

What happens if I get a new smartphone?
You can transfer multifactor authentication from your previous smartphone to a new one.
You will need:
- Your old smartphone
- Your new smartphone
- A computer
1. On the web browser of your computer, go to sso.unimelb.edu.au, enter your login credentials and click on the 'Send Push' button.
2. You will receive a push notification from Okta on your old smartphone. Select ‘Yes, it’s me’ on your old smartphone to verify your identity.
3. Once logged in to your account, select the dropdown menu for your account username (located top-right), and select ‘Settings’.
4. Under the ‘Extra Verification’ section, select the ‘Remove’ button adjacent to ‘Okta Verify’. You’ll then be asked if you want to revoke your existing Okta Verify token. Click ‘Yes’ to continue.
5. You can now follow the steps provided in the How to Enrol for MFA guide to enrol your new smartphone.
Can I use Google Authenticator instead?

Yes, however we recommend that you use Okta Verify as your primary authentication factor as you will receive push notifications when verifying your identity.
Once you have enrolled with the Okta Verify app, Google Authenticator will become available to configure as a recommended backup authentication factor.
If you wish to use Google as a primary multifactor authenticator, please contact the Service Centre (Staff) and 13 MELB (Students) for assistance.
What happens if I delete Okta Verify from my smartphone?

You can use your backup factor, such as Google Authenticator, to enable you to log back in and reset Okta Verify.
If you do not have a backup factor, please contact the Service Centre (Staff) and 13 MELB (Students) for assistance.
How do I avoid being prompted by MFA when logging in from home?

When logging in from a new device or from home, on the Okta Verify user login screen, tick ‘Do not challenge me on this device for the next 90 days’.
Can I get temporary exclusion from Multifactor Authentication?

Multifactor Authentication is required for every University of Melbourne staff member and student.
Temporary exclusion from Multifactor Authentication can only be granted if you temporarily do not have access to your enrolled device and cannot access University applications.
To request temporary exclusion from Multifactor Authentication, please contact the Service Centre (Staff) and 13 MELB (Students) for assistance.
Okta push notifications and verification codes aren’t working for me?
The most common reason for Okta push notifications and verification codes failing is a mismatch of the time and date settings on your phone and actual location. Please make sure the time and date settings on your enrolled device match those of your current location.

If you are using an Android mobile device, please enable the 'Automatic date and time update' feature in your Settings.
On your enrolled device, you can also check the following:
- Push Notifications have been enabled in the Okta Verify app
- Your device operating system is up to date and meets the minimum requirements to support Okta Verify
Please check the above and try again.
For further assistance, please contact the Service Centre (Staff) and 13 MELB (Students) for assistance.
How do I reset my Multifactor Authentication factor(s)?

If you have access to your enrolled device and need to reset your Okta enrolment, please follow the steps provided in the How to Reset Your Okta Enrolment guide.
If Okta Verify has been deleted and you are unable to reset your factor manually, please visit sso.unimelb.edu.au and authenticate via your backup factor.
If you have trouble resetting any factor, please contact the Service Centre (Staff) and 13 MELB (Students)for assistance.
I currently don’t have access to my enrolled factor. What should I do?

If you do not have access to your enrolled device and cannot access University applications, please contact the Service Centre (Staff) and 13MELB (Students)for assistance.
What if I can’t have my enrolled device with me?

If you work or study in a restricted environment where mobile devices are not allowed, such as University physical containment rooms or science labs, please contact the Service Centre (Staff) and 13 MELB (Students) for assistance.
I think my University account may have been compromised. What should I do?

If you encounter suspicious activity on your University account, please immediately contact the Service Centre (Staff) and 13 MELB (Students)for assistance:
I can’t access University mailbox on my iPhone native mail Application. What should I do?

To access emails on your enrolled iOS 10 or lower device, please go to https://outlook.office.com/mail/inbox on your preferred mobile web browser such as Safari or Chrome or upgrade your device to a newer model that is supported by Apple
To access emails on your enrolled iOS 11 or iOS 12 device, please delete and re-add your email account on your phone (steps provided in the Changes to Office 365 app use on Apple Devices guide) or go to https://outlook.office.com/mail/inbox on your preferred mobile web browser such as Safari or Chrome.
For further assistance, please contact the Service Centre (Staff) and 13MELB (Students).

International MFA Access - Frequently Asked Questions

I will be travelling overseas soon. What should I do before I leave?

Please pre-enrol your device on Okta Verify before travelling to avoid University of Melbourne application access issues.
You will be prompted to verify while overseas, so please keep your device handy at all times to avoid delays.
Can I use Okta Verify without international data / roaming data?

Yes. You can still verify your identity via access code-based authentication with the Okta Verify app.
If you have internet access on your phone, including through Wi-Fi, you’ll continue to receive Okta push notifications as normal.
Do I need a SIM card with mobile data?

You only need internet access on your smartphone to receive Okta push notifications.
If you have mobile data, Okta will use your data for push notifications. If not, you can use the access-code based authentication.
Please pre-enrol your device on Okta Verify before travelling to avoid University of Melbourne application access issues.
Can I enrol from overseas?
Yes. Simply follow the normal enrolment process and scan the Okta QR code on your smartphone when presented.
When enrolling from other countries:
- Ensure that your mobile device has internet access
- If enrolling with a laptop or desktop device, scan the QR code as usual
If enrolling directly with a mobile device (without a laptop or desktop), you will have the following options:
- Send activation link via SMS
- Send activation link via email
- Setup manually without push notification
The University recommends that you use the "Send activation link via email".
SMS links may not be delivered or may result in roaming fees (depending on your mobile plan).
Setting up manually is not recommended - you will need to enrol again to start receiving push notifications.
How do I setup MFA from China?
Due to the restrictions on Google services in China, you won't be able to download and install applications such as Okta Verify or Google Authenticator from the Google Play Store on Android devices.
You can manually download and install Okta Verify on your Android smartphone by following these steps:
1. On your preferred web browser, go to sso.unimelb.edu.au and login with your University username and password.
2. Select the Setup button for Okta Verify in the 'Setup Multifactor Authentication' area. Then select your device type.
3. Manually download and install Okta Verify to your smartphone.
  Download link: https://uom-share.oss-cn-hangzhou.aliyuncs.com/OktaVerify-6.1.1.apk
4. On the Setup Okta Verify screen on your web browser, select the 'Can't Scan?' option. Then, from the dropdown menu, select 'Setup manually without push notification'.
5. Open the Okta Verify application on your Android device and select Add Account. Then select the 'No Barcode?' option at the bottom of the screen.
6. Enter your username and the Secret Key displayed on your web browser. Then select Add Account.
7. Select Next on your web browser, then enter the 6-digit code associated with your University account displayed on the Okta Verify application on your Android mobile device. Then select Verify.
8. Congratulations! Your account is now registered with Okta Verify. You can now authenticate via the 6-digit codes generated on the Okta Verify application on your Android smartphone.

Lightbulb icon prompting users to think ahead when considering MFA

Airplane icon prompting users to enrol in advance of travelling overseas

Smartphone icon prompting users to set up a backup authentication factor

Staff Support

Chat with a Service Centre agent

+61 3 834 40888
(7:30am - 7:30pm weekdays)

Staff Cybersecurity Website

Student Support

Chat with Stop 1

13 Melb (13 6352)
(Within Australia)

+61 3 9035 5511
(Outside Australia)

Visit Stop 1

Privacy Collection Notice

The collection of personal information by the University of Melbourne (University) is governed by the Privacy and Data Protection Act 2014 (Vic) and Health Records Act 2001 (Vic) (together, Privacy Laws). The University is also considered to be a data controller for the purposes of the EU General Data Protection Regulation 2016/679 (GDPR)regarding the collection of personal information from individuals located in the EU, when conducting certain activities. The University is committed to protecting your privacy and processing your personal information fairly and lawfully in compliance with the Privacy Laws and the GDPR, as applicable.

The information you provide will be collected by the University for the legitimate interest of administering your University IT access. The University is using third-party service provider, Okta, to assist in administering multi-factor authentication. Okta has established a privacy policy to help users understand how Okta collects and uses personal information. Please refer to Okta’s Privacy Policy for details: https://www.okta.com/privacy-policy/.

The information may also be used by the University or Okta for analysis, quality assurance and planning purposes. We may be unable to provide you with IT access if you do not provide the personal information requested. The provision of your biometric data is voluntary and based on your consent.

The information you provide will be used by authorised staff for the purpose for which it was collected. It will not be transferred outside Australia unless to an entity operating under substantially similar privacy obligations. We will not disclose your personal information to anybody else without your consent, unless we are authorised or required to do so by law. We take all reasonable steps to ensure that the information we hold is accurate and complete, and that appropriate technical and organisational security measures are in place and maintained to protect personal information that is transmitted, stored or otherwise processed, from accidental or unlawful destruction, misuse, loss, alteration, unauthorised access or disclosure.

We will only retain your personal information for as long as required for the purpose for which it was collected and in accordance with our legislative obligations. This information will then be securely destroyed in accordance with the University’s retention and disposal authority.

You may also request access to, or correction of your personal information held by the University, or exercise data subject rights under the GDPR or withdrawal of your consent if applicable. To do so, students may contact 13 MELB (13 6352) or Staff can log a request with Staff Services https://unimelb.service-now.com/sp.

For further information about how the University manages personal information, to make an enquiry or complaint, or for contact details of the University’s Privacy and Data Protection Officer, please view the University’s Privacy Policy, visit our Privacy Webpage, or contact the University’s Privacy Office at privacy-officer@unimelb.edu.au.

For students, any issues regarding system access or queries prior to completing online forms should be directed to 13 MELB (13 6352) or Stop 1 https://students.unimelb.edu.au/stop1.

For staff, any issues regarding system access should be directed to the University of Melbourne Service Centre on (03) 8344 0888. If you have any queries about this application prior to completing your online form please contact your supervisor or their nominated administrator.

Reporting a Security Vulnerability

The University of Melbourne is committed to ensuring the security and privacy of its information, systems, and services, and we value the help of security researchers in reducing cyber risks.

If you suspect you have found a security issue that could be used to compromise the integrity, availability, or confidentiality of University of Melbourne information, systems or services, please share the details with us by using the web form below.

We will acknowledge receipt of all vulnerabilities reported via this process, conduct a thorough investigation, and then take appropriate action for resolution.

The following types of activities should not be undertaken:

clickjacking
social engineering or phishing
network or service denial of service (DDoS or DoS)
physical attacks
modify or destroy data (or attempt to do this)

The University has processes to handle the below issues and they should not be reported:

weak or insecure SSL ciphers and protocols
expired or self-signed certificates and certificate vulnerabilities
open ports

Our Approach to Cybersecurity

Student Cybersecurity quiz competition

To enter:

Terms and Conditions

Multifactor Authentication (MFA)

How Multifactor Authentication works

Your MFA options

Ready to Enrol?

Staff Support

Student Support

Enrolling for MFA

Why is Multifactor Authentication important?

You will need:

Compatible Smartphone or Tablet Operating Systems

MFA Enrolment Quick Reference Guides

MFA Enrolment Video Guides

Apple Devices

Android Devices

First Time Log In

MFA Support

Staff Support

Student Support

MFA Support & FAQ

Enrolling for MFA - Frequently Asked Questions

I am concerned about my privacy:

I am concerned about using my personal smartphone:

I am concerned about the performance impact on my smartphone:

Using MFA - Frequently Asked Questions

International MFA Access - Frequently Asked Questions

Staff Support

Student Support

Privacy Collection Notice

Reporting a Security Vulnerability