Staff get additional protection against unsolicited Duo pushes
On Tuesday, August 1, University Information Technology Services (UITS) will add an extra level of security for Two-Step Login for all full-time IU staff. Duo Verified Push will be enabled for services including IU Login and IU Azure (Microsoft 365).
What staff will see
When staff log in to an application that uses Duo Verified Push, they will see a three-digit number. They then enter those numbers into their Duo Mobile app on their authentication device (usually a smart phone) to approve the push. By using the “Remember Me” checkbox, they will not be asked for another verified push for 30 days on that device.
Duo Verified Push provides additional protection against attackers sending unsolicited Duo pushes trying to gain access to IU staff accounts. Because of the added level of security, Duo Verified Push lets staff stay logged in to their devices for a longer period (up to 30 days).
For old or outdated devices, the University Information Security Office encourages staff to upgrade their phone, request a single-button hardware token, or request an exception from the migration to Duo Verified Push from their IT Pro or the UITS Support Center. To log in with Duo Verified Push, staff will need:
Duo mobile version 4.16.0 or later on Android 8 or later
Duo mobile version 4.17.0 or later on iOS 13 or later
If staff have an existing exception to messages or phone calls to log in with Duo, they can disregard emails about Duo Verified Push as no change is required for their devices for now.