Two-Step Login

With your Unibas account, you have access to the network and applications of the University of Basel 365 days a year and around the clock.

In doing so, you may use applications and process data with increased protection requirements, which is why the 'Two-Step Login' is introduced for all user accounts.

  • Read which methods are available for authentication.
  • Select your preferred method. The 'Best Practice' can help you with the selection.
  • Activate your account and configure the methods you want.

Here you can go directly to the quick guides for activating 'Two-Step Login'.

 

 

Methods
  • For smartphone users, the PUSH method is the most convenient way to use 'Two-Step Login'. By simply confirming the request, the users can perform the authentication.
  • It is also recommended that smartphone users store their mobile number. This makes it easier to change their smartphone.
  • Store your Unibasel phone number. This will enable you to perform 'Two-Step Login' even if your smartphone/mobile device is not operational.
  • If you have access to other phone numbers (e.g. a second phone number at work or at home), you can also store these as additional numbers.
  • If you have several smartphones or tablets in use, install the Authenticator app on these devices as well.
Short and sweet
  •     From 27 February 2023, if you use the Microsoft Authenticator App, you will also need to enter a 2-digit number before authorisation.
  •     If you use another Two-Step Login method (2FA) (e.g. 6-digit OTP code, hardware token in credit card format, SMS code, other Authenticator App), nothing will change for you.
  •     Likewise, Microsoft has discontinued support for the Apple Watch for security reasons as of January 2023. If you have been using it until now, you will need to deactivate the Authenticator App for Apple Watch.
Details and background information

Since the beginning of 2022, we have been using two-step login (2-factor login or multifactor authentication) at the University of Basel. We are pleased to report that there have been no successful phishing attacks on services protected with Two-Step-Login since its introduction.
One of the most convenient and popular two-step login methods is the so-called push notification with the Microsoft Authenticator app on the smartphone.

Cybercriminals have also upgraded and are trying to circumvent the Two-Step-Login. In this so-called "MFA Fatigue Attack" (also called "MFA Prompt Bombing"), the user is harassed by means of multiple repeated requests until finally such an annoying request is confirmed by mistake.
This YouTube video shows an example of this: https://youtu.be/wHhbWUXx95U

To counteract such attacks, the push notifications of our two-step login will be changed to the "number matching" procedure from 27 February 2023.

What does this mean for you as a user?

Make sure you have the latest version of the Microsoft Authenticator app installed on your smartphone. Only the latest versions will support the number-matching process.

You will need to enter a two-digit number, which will be displayed when you log in, into the Authenticator app before confirmation. This ensures that confirmation can only take place if you know this additional number.

Bild Anmeldung PC mit Nummer
Bild Nummer in Authentificator App

Instructions for changing the device

  • You want to change your device or have already done so.
  • You currently still have access to your old device
  • You have stored another login method such as SMS, call or HW token

 

If you no longer have access to your old device, it is no longer possible to change it yourself; in this case, please contact the Service Desk. You have 2 options to make the reset as quick as possible:

  1. You can contact us by telephone on +41 61 207 14 11 please have your Unicard ready for identification
  2. You can request a 2-step reset by e-mail, please send us your request and a scan/photo of the Unicard or a valid ID card
BrowserNameWindows key commandMacOS key command
SafariPrivate BrowsingCommand⌘+Shift+n
Google ChromeIncognitoCtrl+Shift+n⌘+Shift+n for Mac
FirefoxPrivate BrowsingCtrl+Shift+p⌘+Shift+p for Mac
EdgeInPrivate BrowsingCtrl+Shift+n⌘+Shift+p for Mac
OperaPrivate Tab / Private WindowCtrl+Shift+n⌘+Shift+n for Mac
BravePrivate BrowsingCtrl+Shift+n⌘+Shift+n for Mac
Internet ExplorerInPrivate BrowsingCtrl+Shift+p⌘+Shift+p for Mac

 

Preparation

Make sure that the Microsoft Authenticator app is installed on your smartphone or install the app from the relevant app store:

Other apps can also be used as an alternative to the MS Authenticator app.
- Authy: Apple App Store / Google Play Store
- Google Authenticator: Apple App Store / Google Play Store
- FreeOTP Authenticator: Apple App Store / Google Play Store
- Lastpass: Apple App Store / Google Play Store

These apps do not offer all the functionalities of the MS Authenticator app (push method). Support for the use of these alternative apps cannot be guaranteed by IT Services.

Activation

  • Open a new 'private' window in your browser (the name and procedure differ depending on the Internet browser you are using).
  • Copy and open the following link in the private browser window: https://aka.ms/mfasetup
  • You will be redirected to the Microsoft login portal.
  • Identify yourself with your Unibas e-mail address on the Microsoft login portal.
  • You will be redirected to the University of Basel login screen.
  • Enter your password.
  • Confirm your login on your old device.

You have several options for confirming the login on the old device

  1. You have stored an alternative login method such as SMS, call or HW token.
  2. You connect your old device to the Internet via a WLAN, for example, and receive your push message if you have set this up.
  3. If you are unable to establish an Internet connection on the old device, please follow the steps below:

As soon as you reach the login screen where a number is displayed, please click on "I cannot use my Microsoft Authenticator app right now"

 

first screen

Then click on "Use a verification code"

selection

You can find the verification code by opening your Authenticator app and selecting your Uni Basel account.

The verification code will then be displayed. No internet connection is necessary.

OTP

Once you have successfully registered, you can remove your old login method via "Delete" (1) and add the authenticator on your new device via "Add sign-in method" (2).

You can find detailed instructions here: https://its.unibas.ch/de/tsl

security info

FAQ's for "Two-Step Login

Do I have to secure my group mailbox/function mailbox with Two-Step as well?

The two-step login procedure is only intended for personal user accounts. So called. Group mailboxes and/or functional mailboxes are not affected and do not require a two-step.

SHOW ANSWER
SHOW QUESTION
I don't own a smartphone or I don't want to register my private mobile number. What can I do?

You can also use your workplace number for verification by means of a telephone call. If this is not possible, please contact the ITS ServiceDesk (+41 61 207 14 11).

SHOW ANSWER
SHOW QUESTION
I have forgotten my smartphone/mobile device. What do I have to do?

Contact the ITS Service Desk (+41 61 207 14 11).

SHOW ANSWER
SHOW QUESTION
I have selected the 'Call' option but I am not receiving any calls. What could be the cause?

Check that you do not have a call barring function active for advertising calls. Temporarily deactivate the barring and try the function again. If you now receive the call, make the necessary adjustments to the barring.

SHOW ANSWER
SHOW QUESTION

Service Desk

IT-Services
Spitalstrasse 41, 3rd Floor
CH-4056 Basel
Phone +41 61 207 14 11
E-mail support-its@unibas.ch