Later this month, OIT will enable several new features in Duo to provide additional account protection. The first three changes pertain to the device enrollment portal and add new designs, features, and protection.
First, you will notice a new look and feel. It will still allow you to select the authentication method as it does today and has an improved layout and design.
Secondly, you will receive a different Duo authentication prompt before accessing the enrollment portal. When you attempt to access the portal, a 6-digit code will appear on the screen. You will need to launch the Duo mobile app and enter the code displayed on the browser. That replaces the default push notification with a feature called Verified Duo Push. The displayed code provides additional protection against another individual adding authorized Duo devices to your account without your knowledge. For increased protection, the Duo mobile passcode will not allow access to the device management portal.
Finally, support for biometric authentication will also be enabled. Mac devices have this built-in by default. For Windows devices, you will be able to enroll in biometric authentication using the Windows Hello feature. We strongly encourage everyone to enroll multiple devices into Duo and to utilize the Duo mobile application.
Later this summer, we will add another layer of protection by eliminating the use of the passcode feature and several older models of hardware tokens. These two features are based on an older security model that is being replaced with a new encryption method. Since the current passcode feature is in use, we are doing additional planning prior to disabling this option.
The exact date of each change will be announced in our weekly change management notification.