Starting Tuesday, February 13, University Information Technology Services (UITS) will begin rolling out an extra level of security for Two-Step Login for all IU faculty, affiliates, students, and any remaining staff who were not included in previous rounds of expansion. This will happen in phases, with others being added over the following weeks. Duo Verified Push will be enabled for services including IU Login and IU Azure (Microsoft 365).
What users will see
When an IU computing account logs in to an application that uses Duo Verified Push, the user will see a three-digit number. They then enter those numbers into their Duo Mobile app on their authentication device (usually a smart phone) to approve the push. By using the “Remember Me” checkbox, they will not be asked for another verified push for 30 days on that device.
Duo Verified Push provides additional protection against attackers sending unsolicited Duo pushes trying to gain access to IU computing accounts. Because of the added level of security, Duo Verified Push lets users stay logged in to their devices for a longer period (up to 30 days).
For old or outdated devices, the University Information Security Office encourages users to upgrade their phone, request a single-button hardware token, or request an exception from the migration to Duo Verified Push from their IT Pro or the UITS Support Center. To log in with Duo Verified Push, users will need:
Effective February 8, Duo mobile version 4.16.0 or later on Android 11 or later will be the minimum supported versions.
Effective February 8, Duo mobile version 4.17.0 or later on iOS 15 or later will be the minimum supported versions.
If users have an existing exception to messages or phone calls to log in with Duo, they can disregard emails about Duo Verified Push as no change is required for their devices for now.