Malicious actors have taken advantage of push harassment and fatigue to exploit weaknesses in security features. To combat this nuisance, the new Verified Push requires you to enter a six-digit numeric code with any push notification. By using a verification code, we ensure only verified users can log in and reduce the chances of someone absent-mindedly accepting a push they did not request. The Verified Push will increase the protection of our MFA solution and help protect your accounts from unauthorized access. Continue reading Duo Verified Push Starts Today
Last week, OIT notified the campus of a successful phishing campaign targeting the SMU community. In this campaign, we noted that cybercriminals had begun using a new technique where they repeatedly send Duo requests to users who have shared their username and password to annoy users into approving the two-factor request.
This technique, referred to as “MFA fatigue,” has become increasingly common, and over the next several weeks, OIT will begin implementing measures to combat this trend. In the meantime, we recommend you take the following actions if you notice something suspicious: Continue reading Protect Yourself: Fighting MFA Fatigue
In an effort to strengthen password security, starting December 19, 2022, any new password may not contain all or part of the user’s account name, common passwords, or words related to an SMU campaign that are vulnerable to password-guessing attacks. Continue reading University Moves to Restrict Common Words for Passwords
On Tuesday, January 4, 2022, a security change was made in Duo, preventing the “call me” or SMS passcode options by the SMU community, as these factors were susceptible to vulnerability and fraud.
How does that apply to me?
An alternate method for two-factor authentication is now required, either by using a hardware token or by installing the Duo Mobile app on your mobile device.
If you previously used the “call me” or SMS passcode options as your primary method to two-factor, please complete the following steps: Continue reading Recent Changes Made to Duo Security
The Verge is reporting this week that the web host and domain registrar GoDaddy is dealing with the fallout of a recent security breach that resulted in the exposure of over one million customer email addresses. This breach primarily affected customers of GoDaddy’s WordPress blog hosting services. GoDaddy has stated that the hackers utilized a compromised password to gain access, which is all too common with the proliferation of phishing scams and other nefarious methods. Continue reading GoDaddy Customer Email Addresses Compromised in Recent Breach