The DotCIO rolled out Multi-Factor Authentication (MFA) with Duo security in 2021 which has significantly decreased the instances of compromised accounts. However, adversaries/hackers continue to evolve their techniques which has resulted in individuals receiving sophisticated phishes and given up credentials including Duo passcodes. In addition, individuals have also approved Duo pushes they shouldn’t have as hackers initiated the push.
Duo verified push, also known as number matching and phish-resistant MFA, is meant to help mitigate these risks. For preparation and testing, the DotCIO team has been using this method with great success. We will be turning this method on for all students, faculty and staff on Wednesday June 7, 2023. Please reference the Duo Mobile – Using Verified Push article.
This change only impacts the Duo mobile app. Phone calls and text messages are not impacted, although at some point these options will be retired. Hardware tokens are also not impacted.
Any problems, questions, and general feedback, please submit a Support Request via ITSSC.