Malicious actors have taken advantage of push harassment and fatigue to exploit weaknesses in security features. To combat this nuisance, the new Verified Push requires you to enter a six-digit numeric code with any push notification. By using a verification code, we ensure only verified users can log in and reduce the chances of someone absent-mindedly accepting a push they did not request. The Verified Push will increase the protection of our MFA solution and help protect your accounts from unauthorized access.
These Push Notifications arrive on your phone or other authentication device but with a new prompt to enter the unique code. It is important to remember not to provide the unique code to anyone! When the bad actors cannot enter the unique code in the Duo app, the attack is immediately stopped, and they do not gain access to the campus network and resources.
For more information on the Duo Verified Push, please review Duo Verified Push Notifications Further Secure SMU Accounts on the IT Connect blog.
We also recommend that users take advantage of the trust feature to reduce the number of times needed to verify with Duo. When using the “trust browser” option, users will not have to enter the Duo Verified Push codes within that device’s browser for a full 30 days, saving time and the need to reverify. Of course, always make sure that it is a device you actually trust and not one used by others, like a public-use computer in a lab or café, a friend’s laptop, or any other shared device.
For more information on this option, please see Quick Tip: Trusting a Device in Duo on the IT Connect blog.
Please note that other authentication methods, like a hardware token or other hardware authentication device, will continue functioning as usual. However, the manual passcode function, as of today, will no longer work.
If you ever have any questions or need assistance with Duo Security, please contact the IT Help Desk directly at 214-768-HELP (4357), as they will need to verify your identity. Due to security, Duo accounts cannot be handled via email.
UPDATE 10/30/2023: Clarified Verified Duo Push was not enabled for all services.