Two-Step Authentication (also known as 2-step authentication, or 2SA) is an industry standard that adds a second layer of security to help prevent anyone other than you from accessing your sensitive information. This is accomplished using two types of authentication to verify your identity when logging into a system - something you know (username\password) and something you have (phone or a token). This helps prevent someone from logging in to your account, even if they know your password.


Why is this so important? Passwords can be stolen or compromised through phishing, cracking, guessing, or malware. Kutztown has seen a sharp rise on the number of attempts to steal user credentials over the last few years. Stolen credentials are often used to access and acquire data, send out SPAM, and to trick others by sending email from a trusted account.


What are the options for 2SA?

  1. The Microsoft Authenticator App as the easiest and quickest way to verify your account. This app works well in areas that do not provide good cellular or wireless service. Click here for instructions on setting up and using Microsoft Authenticator.
  2. Text message (SMS)
  3. Phone call
  4. Hardware token


KU IT recommends using a PIN, swipe, or biometrics to login to your phone to protect access to your second factor authentication method

Enroll Your Device

Make sure you have a reliable Internet connection, a desktop or laptop and your mobile phone on hand before you start this process.


  1. On a desktop or laptop, go to aka.ms/mfasetup and login with your KU email and password.

  2. In the "How should we contact you?" section, choose "Mobile App" from the drop down menu.

  3. Select "Receive notifications for verification."

  4. Select the Set Up button and follow the steps to download and set up the mobile app.  Select "Next."

  5. On the additional security verification screen, click "Next." An approval push notification will be sent through the app to complete the process.

  6. Enter your 10 digit mobile phone number as your additional security verification.

  7. Click "Done" to complete the registration process.

  8. On the summary page, verify the security information. You can safely close this window.


Frequently Asked Questions (FAQs)

Do I need a smartphone?

No, text messages, phone calls, and hardware tokens will all work without a smartphone. If you would like to learn more about hardware tokens, please contact the IT Help Center.


How long does it take to setup?

Setting up 2SA for the first time only takes about 2-3 minutes.


Will I need to use 2SA every time I login?

2 Step Authentication policies are developed to balance the safety and security of the University with availability to University resources. Depending on the type of resource you are accessing and your location, 2SA may only need to be used occasionally.


What if my phone is stolen?If your phone is missing or stolen, contact the IT Help Center immediately. Your phone can be removed and temporary access can be granted until the phone is replaced.


How can I use 2SA if I don't have a good cell phone signal or WiFi?

If you have wifi, but no cellular signal, the Microsoft Authenticator app push notifications work well. If there is no wifi or cellular signal, using Microsoft Authenticator app passcodes also works.


What if my phone is broken or needs to be replaced?

KU IT Help Center can help you bypass 2SA or issue a temporary security token until your phone is replaced. Once your phone has been replaced use the Duo Self Service Portal by logging in at https://app.kutztown.edu/2sa and selecting “My Settings & Devices” found under the KU Logo.


I got a new phone with the same number. What should I do?

If your phone has been replaced, but you have the same phone number, log in to the Microsoft Authentication Portal to re-register your Microsoft Authenticator app on your new phone. Please note that 2SA will still work with text and phone call options. 

  1. Login here to re-register your new phone with the Microsoft Authenticator app.
  2. When asked to Approve sign in request, select Sign in another way and Text or Call.  
  3. Select Set up Authenticator app and follow the instructions


What if I am traveling out of the country?

The Microsoft Authenticator app provides 6-digit passcodes that work while you are in areas that have little or no connectivity. If a smartphone with the Authenticator app is not an option, you can request a security token from the IT Help Center before your departure.