With malicious actors continuing to get better at exploiting weaknesses in security features, SMU will soon require a Verified Push from Duo Security to increase the protection of our push-based multi-factor authentication (MFA) solution and protect your account from unauthorized access.
With the popularity of push notifications for securing accounts, cybercriminals have begun using push harassment, the act of sending successive push notifications to annoy you enough to accept a push for a fraudulent login attempt, and push fatigue, the onslaught of constant MFA approvals causing you to pay less attention and mindlessly accept a push login—including ones from a fraudulent login attempt, to gain access to secured accounts. To combat this nuisance, the new Verified Push will require you to enter a six-digit numeric code with any push notification. By using a verification code, we ensure only verified users can log in and reduce the chances of someone absent-mindedly accepting a push they did not request.
These Push Notifications will arrive on your phone or other authentication device but with a new prompt to enter the unique code. It is important to remember not to provide the unique code to anyone! When the bad actors cannot enter the unique code in the Duo app, the attack is immediately stopped, and they don’t gain access to the campus network and resources.
Other authentication methods, like a hardware token or other hardware authentication device, will continue functioning as usual. However, the manual passcode function will no longer work once the Verified Push is enabled for campus on October 30, 2023. However, you may not see these new prompts immediately on devices where you have told Duo to “Trust this device.” Trusting a device will allow you to be able to avoid having to enter the code each time you log in on that device for 30 days.
So, be prepared when logging into SMU services by keeping your Duo device nearby! If you have any questions, as always, the IT Help Desk is here for you.
Updated with additional information: October 17, 2023