Cisco Duo Security Update—Now with Verified Duo Push!

Duo Verified Push Starts Today

Starting today, SMU requires a Verified Push from Duo Security when accessing the majority of SMU services protected with Duo multi-factor authentication (MFA).

Cisco Duo Logo (2 color)Malicious actors have taken advantage of push harassment and fatigue to exploit weaknesses in security features. To combat this nuisance, the new Verified Push requires you to enter a six-digit numeric code with any push notification. By using a verification code, we ensure only verified users can log in and reduce the chances of someone absent-mindedly accepting a push they did not request. The Verified Push will increase the protection of our MFA solution and help protect your accounts from unauthorized access.

Duo’s Verified Duo Push example
Duo’s Verified Duo Push

These Push Notifications arrive on your phone or other authentication device but with a new prompt to enter the unique code. It is important to remember not to provide the unique code to anyone! When the bad actors cannot enter the unique code in the Duo app, the attack is immediately stopped, and they do not gain access to the campus network and resources.

For more information on the Duo Verified Push, please review Duo Verified Push Notifications Further Secure SMU Accounts on the IT Connect blog.

We also recommend that users take advantage of the trust feature to reduce the number of times needed to verify with Duo. When using the “trust browser” option, users will not have to enter the Duo Verified Push codes within that device’s browser for a full 30 days, saving time and the need to reverify. Of course, always make sure that it is a device you actually trust and not one used by others, like a public-use computer in a lab or café, a friend’s laptop, or any other shared device.

For more information on this option, please see Quick Tip: Trusting a Device in Duo on the IT Connect blog.

Please note that other authentication methods, like a hardware token or other hardware authentication device, will continue functioning as usual. However, the manual passcode function, as of today, will no longer work.

If you ever have any questions or need assistance with Duo Security, please contact the IT Help Desk directly at 214-768-HELP (4357), as they will need to verify your identity. Due to security, Duo accounts cannot be handled via email.

UPDATE 10/30/2023: Clarified Verified Duo Push was not enabled for all services.

Print Friendly, PDF & Email

Published by

Ian Aberle

Ian Aberle is an Adobe Creative Educator and the Senior IT Communications Specialist & Trainer for the Office of Information Technology (OIT). For over 25 years, he has helped the SMU community use technology and implement digital and web media through multiple roles with the Digital Commons, SMU STAR Program, and now OIT. Ian enjoys photography and road trips with his family in his free time.

IT Connect is published by the Office of Information Technology at Southern Methodist University.


Office of Information Technology
Copyright © Office of Information Technology, SMU
smu.edu/help  | 214.768.HELPhelp@smu.edu