Two-Step Login

With your Unibas account, you have access to the network and applications of the University of Basel 365 days a year and around the clock.

In doing so, you may use applications and process data with increased protection requirements, which is why the 'Two-Step Login' is introduced for all user accounts.

  • Read which methods are available for authentication.
  • Select your preferred method. The 'Best Practice' can help you with the selection.
  • Activate your account and configure the methods you want.

Here you can go directly to the quick guides for activating 'Two-Step Login'.



  • For smartphone users, the PUSH method is the most convenient way to use 'Two-Step Login'. By simply confirming the request, the users can perform the authentication.
  • It is also recommended that smartphone users store their mobile number. This makes it easier to change their smartphone.
  • Store your Unibasel phone number. This will enable you to perform 'Two-Step Login' even if your smartphone/mobile device is not operational.
  • If you have access to other phone numbers (e.g. a second phone number at work or at home), you can also store these as additional numbers.
  • If you have several smartphones or tablets in use, install the Authenticator app on these devices as well.
Short and sweet
  •     From 27 February 2023, if you use the Microsoft Authenticator App, you will also need to enter a 2-digit number before authorisation.
  •     If you use another Two-Step Login method (2FA) (e.g. 6-digit OTP code, hardware token in credit card format, SMS code, other Authenticator App), nothing will change for you.
  •     Likewise, Microsoft has discontinued support for the Apple Watch for security reasons as of January 2023. If you have been using it until now, you will need to deactivate the Authenticator App for Apple Watch.
Details and background information

Since the beginning of 2022, we have been using two-step login (2-factor login or multifactor authentication) at the University of Basel. We are pleased to report that there have been no successful phishing attacks on services protected with Two-Step-Login since its introduction.
One of the most convenient and popular two-step login methods is the so-called push notification with the Microsoft Authenticator app on the smartphone.

Cybercriminals have also upgraded and are trying to circumvent the Two-Step-Login. In this so-called "MFA Fatigue Attack" (also called "MFA Prompt Bombing"), the user is harassed by means of multiple repeated requests until finally such an annoying request is confirmed by mistake.
This YouTube video shows an example of this:

To counteract such attacks, the push notifications of our two-step login will be changed to the "number matching" procedure from 27 February 2023.

What does this mean for you as a user?

Make sure you have the latest version of the Microsoft Authenticator app installed on your smartphone. Only the latest versions will support the number-matching process.

You will need to enter a two-digit number, which will be displayed when you log in, into the Authenticator app before confirmation. This ensures that confirmation can only take place if you know this additional number.

Bild Anmeldung PC mit Nummer
Bild Nummer in Authentificator App

FAQ's for "Two-Step Login

My smartphone is not supported by the Microsoft Authenticator app. What can I do?

You can use an alternative TOTP-enabled authenticator app (e.g. FreeOTP, Google Authenticator). With these apps, only authentication with the software token is available to you.

Of course, you can also choose authentication with SMS.

The 'Activation' takes me to the portal ''. How do I get to the activation?
  • Close the window.
  • Open a new 'private' window in your browser (names and procedure differ depending on the internet browser you are using).
  • Copy and open the following link in the private browser window:
  • You should now be directed correctly.
What are the costs for me as a user?

The following listing represents the standard for CH contracts, please check with your personal contract. The following are common:

SMS: No costs for receiving the message.

Software token: No data connection is required, therefore no costs.

PUSH: A data connection (WLAN or data network) is required. The costs depend on your mobile phone subscription, but the amount of data required is minimal.

What should I do if I lose my HW token?

Contact the ITS Service Desk (+41 61 207 14 11).

A replacement card can be issued. This costs 20.- and must be collected in person from the ServiceDesk.


Service Desk

Spitalstrasse 41, 3rd Floor
CH-4056 Basel
Phone +41 61 207 14 11