IT Professionals:
What’s changing? On Tuesday, February 13, 2024, Indiana University will enable a final round of expansion for Duo Verified Push. This will affect all remaining users who access services requiring a universal Duo prompt (such as IU Login).
When individuals log into an application that uses Duo Verified Push, they will see a three-digit number on the screen of the device they’re using to log in. They will then need to enter those three numbers into the Duo Mobile app on their authentication device to approve the push. To see what this interaction looks like, view the interactive demo provided by Duo.
The extra security of Duo Verified Push will allow you to remember a trusted (non-shared) device so that you only need verify a push request once every 30 days, instead of every 7 days.
Who is impacted? This change will affect all faculty, students, affiliates, and any remaining IU staff who were not included in previous rounds of expansion. This is the conclusion of the rollout, which began with UITS staff in May and expanded to all IU staff in August. The impacted individuals will be contacted with a targeted notice during the first week of February. Monitor articles will be sent to all faculty and staff on January 10 and January 24.
Who is NOT impacted? This deployment will not include retirees, group accounts, anyone who has an exception on file, or those who are already enrolled (that is, those who opted in early).
Why the change? Duo Verified Push provides additional protections against attackers sending unsolicited pushes trying to gain access to accounts of targeted individuals. This tactic is an emerging threat that we have seen widely used over the past year at IU.
Can my clients request an exemption? Clients may request an exception through the Duo Verified Push Exclusion Form. Reasons for an exemption include accessibility concerns and owning an outdated device that is unable to handle Duo Verified Push.
For more information about Duo Verified Push, including how to opt in, refer to Log in with Duo Verified Push.
For questions, please email the University Information Security Office at uiso@iu.edu.
–IT Community Partnerships on behalf of University Information Security Office