Two-Step Login
With your Unibas account, you have access to the network and applications of the University of Basel 365 days a year and around the clock.
In doing so, you may use applications and process data with increased protection requirements, which is why the 'Two-Step Login' is introduced for all user accounts.
- Read which methods are available for authentication.
- Select your preferred method. The 'Best Practice' can help you with the selection.
- Activate your account and configure the methods you want.
Here you can go directly to the quick guides for activating 'Two-Step Login'.
- For smartphone users, the PUSH method is the most convenient way to use 'Two-Step Login'. By simply confirming the request, the users can perform the authentication.
- It is also recommended that smartphone users store their mobile number. This makes it easier to change their smartphone.
- Store your Unibasel phone number. This will enable you to perform 'Two-Step Login' even if your smartphone/mobile device is not operational.
- If you have access to other phone numbers (e.g. a second phone number at work or at home), you can also store these as additional numbers.
- If you have several smartphones or tablets in use, install the Authenticator app on these devices as well.
Short and sweet
- From 27 February 2023, if you use the Microsoft Authenticator App, you will also need to enter a 2-digit number before authorisation.
- If you use another Two-Step Login method (2FA) (e.g. 6-digit OTP code, hardware token in credit card format, SMS code, other Authenticator App), nothing will change for you.
- Likewise, Microsoft has discontinued support for the Apple Watch for security reasons as of January 2023. If you have been using it until now, you will need to deactivate the Authenticator App for Apple Watch.
Details and background information
Since the beginning of 2022, we have been using two-step login (2-factor login or multifactor authentication) at the University of Basel. We are pleased to report that there have been no successful phishing attacks on services protected with Two-Step-Login since its introduction.
One of the most convenient and popular two-step login methods is the so-called push notification with the Microsoft Authenticator app on the smartphone.
Cybercriminals have also upgraded and are trying to circumvent the Two-Step-Login. In this so-called "MFA Fatigue Attack" (also called "MFA Prompt Bombing"), the user is harassed by means of multiple repeated requests until finally such an annoying request is confirmed by mistake.
This YouTube video shows an example of this: https://youtu.be/wHhbWUXx95U
To counteract such attacks, the push notifications of our two-step login will be changed to the "number matching" procedure from 27 February 2023.
What does this mean for you as a user?
Make sure you have the latest version of the Microsoft Authenticator app installed on your smartphone. Only the latest versions will support the number-matching process.
You will need to enter a two-digit number, which will be displayed when you log in, into the Authenticator app before confirmation. This ensures that confirmation can only take place if you know this additional number.
Instructions for changing the device
- You want to change your device or have already done so.
- You currently still have access to your old device
- You have stored another login method such as SMS, call or HW token
If you no longer have access to your old device, it is no longer possible to change it yourself; in this case, please contact the Service Desk. You have 2 options to make the reset as quick as possible:
- You can contact us by telephone on +41 61 207 14 11 please have your Unicard ready for identification
- You can request a 2-step reset by e-mail, please send us your request and a scan/photo of the Unicard or a valid ID card
| Browser | Name | Windows key command | MacOS key command |
| Safari | Private Browsing | Command⌘+Shift+n | |
| Google Chrome | Incognito | Ctrl+Shift+n | ⌘+Shift+n for Mac |
| Firefox | Private Browsing | Ctrl+Shift+p | ⌘+Shift+p for Mac |
| Edge | InPrivate Browsing | Ctrl+Shift+n | ⌘+Shift+p for Mac |
| Opera | Private Tab / Private Window | Ctrl+Shift+n | ⌘+Shift+n for Mac |
| Brave | Private Browsing | Ctrl+Shift+n | ⌘+Shift+n for Mac |
| Internet Explorer | InPrivate Browsing | Ctrl+Shift+p | ⌘+Shift+p for Mac |
Preparation
Make sure that the Microsoft Authenticator app is installed on your smartphone or install the app from the relevant app store:
- iPhone/iPad, iOS 11.0 is required: https://app.adjust.com/h66ftb_42hbak?campaign=appstore_ios&fallback=https://itunes.apple.com/app/microsoft-authenticator/id983156458
- Android, version 6 is required: https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=de_CH&gl=US
Other apps can also be used as an alternative to the MS Authenticator app.
- Authy: Apple App Store / Google Play Store
- Google Authenticator: Apple App Store / Google Play Store
- FreeOTP Authenticator: Apple App Store / Google Play Store
- Lastpass: Apple App Store / Google Play Store
These apps do not offer all the functionalities of the MS Authenticator app (push method). Support for the use of these alternative apps cannot be guaranteed by IT Services.
Activation
- Open a new 'private' window in your browser (the name and procedure differ depending on the Internet browser you are using).
- Copy and open the following link in the private browser window: https://aka.ms/mfasetup
- You will be redirected to the Microsoft login portal.
- Identify yourself with your Unibas e-mail address on the Microsoft login portal.
- You will be redirected to the University of Basel login screen.
- Enter your password.
- Confirm your login on your old device.
You have several options for confirming the login on the old device
- You have stored an alternative login method such as SMS, call or HW token.
- You connect your old device to the Internet via a WLAN, for example, and receive your push message if you have set this up.
- If you are unable to establish an Internet connection on the old device, please follow the steps below:
As soon as you reach the login screen where a number is displayed, please click on "I cannot use my Microsoft Authenticator app right now"
Then click on "Use a verification code"
You can find the verification code by opening your Authenticator app and selecting your Uni Basel account.
The verification code will then be displayed. No internet connection is necessary.
Once you have successfully registered, you can remove your old login method via "Delete" (1) and add the authenticator on your new device via "Add sign-in method" (2).
You can find detailed instructions here: https://its.unibas.ch/de/tsl
FAQ's for "Two-Step Login
You can use an alternative TOTP-enabled authenticator app (e.g. FreeOTP, Google Authenticator). With these apps, only authentication with the software token is available to you.
Of course, you can also choose authentication with SMS.
- Close the window.
- Open a new 'private' window in your browser (names and procedure differ depending on the internet browser you are using).
- Copy and open the following link in the private browser window: https://aka.ms/mfasetup.
- You should now be directed correctly.
The following listing represents the standard for CH contracts, please check with your personal contract. The following are common:
SMS: No costs for receiving the message.
Software token: No data connection is required, therefore no costs.
PUSH: A data connection (WLAN or data network) is required. The costs depend on your mobile phone subscription, but the amount of data required is minimal.
Contact the ITS Service Desk (+41 61 207 14 11).
A replacement card can be issued. This costs 20.- and must be collected in person from the ServiceDesk.
Service Desk
IT-Services
Spitalstrasse 41, 3rd Floor
CH-4056 Basel
Phone +41 61 207 14 11
E-mail support-its@unibas.ch