Skip to header Skip to Content Skip to Footer

Important Updates to Duo Two-Factor Authentication (2FA) Coming Jan. 27

We're excited to share some important updates to Duo two-factor authentication (2FA), aimed at enhancing security across our campus. These updates include the introduction of Duo Verified Push and improvements to Duo Passcodes, both of which are designed to provide better protection for your account and data.

Introducing Duo Verified Push

On Jan. 27, 2025, we will implement Duo’s Verified Push. This update strengthens campus security by prompting you to enter a six-digit code during authentication. As an added benefit, we are also reducing the number of Duo prompts you receive, making the login process both safer and more convenient!

Duo Verified Push Experience

When you log in and are prompted for two-factor authentication (2FA), you will see a code on your device. Enter that code into the Duo prompt, verify, and you're all set. For a hands-on experience, you can try the interactive demo!

Please note that you won't need to enter a code for non-browser applications like logging into Windows or Mac. These will continue to use Duo's traditional push method.

Why Transition to Duo Verified Push?

Duo's Verified Push combats 2FA fatigue attacks by requiring users to actively engage in the authentication process by entering a code, making unauthorized access much harder for attackers.

In a fatigue attack, a malicious actor repeatedly sends Duo push requests, hoping you'll accidentally approve one, granting them unauthorized access to your account. Duo Verified Push strengthens your account's security, ensuring it remains protected from such attacks.

What Do You Need to Do?

The transition to Duo Verified Push is automatic. However, please ensure you have the Duo Mobile app updated to the recent version. Below are the required versions: 

  • Android: Duo version 4.16.0 or later (Android 10+).
  • iOS: Duo version 4.17.0 or later (iOS 13+ or WatchOS 4.0+).

These updates are intended to safeguard your accounts and information from new cyber threats and to counteract the latest tactics, techniques, and procedures used by threat actors.

Duo Passcode Improvements

Alongside the implementation of Duo's Verified Push, we are also boosting the security of our Duo Passcode method by transitioning to time-limited, one-time-use passcodes on Jan. 27. This update will generate a new passcode every 30 seconds, making it more difficult for attackers to reuse old passcodes and thereby enhancing overall security.

What Do You Need to Do?

The Duo Passcode improvements are automatic. However, please ensure your Duo Mobile app is updated to version 4.49 or later.

Additional Information

We appreciate your understanding as we implement these important security enhancements. Please visit our IT Security Updates and Information Sharepoint page for more information.

Thank you for helping us keep our campus secure!


top