ITS is making a change on Thursday, December 19th to enhance the security of Duo push notifications.
What is Duo Push?
UConn’s online systems are protected by Duo two factor authentication (2FA). One way to authenticate your second factor (like your mobile phone) is with a push notification from the Duo Mobile app. When you are logging in to a protected online service, this notification pops up on your device, and you can click either “Approve” or “Deny.”
What’s the risk?
Duo Push can be exploited by bad actors, however, who try to trick users into accepting a push for a fraudulent login attempt. They might, for example, take advantage of “push fatigue” and hope that a user will approve a push out of habit. Another technique is to annoy users with repeated push notifications until they finally accept one.
What’s changing?
Duo offers a solution called Verified Duo Push that provides better protection from these scams. Rather than simply hitting “Accept” or “Deny,” the users enter a three-digit code displayed on their login screen into the Duo Mobile app. The additional step ensures that only the person actively logging in can approve the authentication in the app. Preview the change.
Duo Push is the recommended authentication method, and this update makes it even more secure.
For more information, contact: Technology Support Center at techsupport.uconn.edu