OFFICE OF THE CHIEF INFORMATION SECURITY OFFICER, UC SAN DIEGO
October 25, 2022
ALL ACADEMIC EMPLOYEES, STAFF AND STUDENTS AT UC SAN DIEGO (Including UC San Diego Health)
Retirement of Phone Callback Option from Duo Two-Step Login
As announced in our October 17 campus notice, UC San Diego has recently experienced an increase in phishing attacks that seek to exploit the phone callback option for two-step login (provided by Duo Security).
To reduce the possibility of further incidents, the callback option for Duo two-step login will be progressively retired between November 2022 and March 2023 for all UC San Diego students, academic employees, and staff, including UC San Diego Health personnel. Please note that UC San Diego Health has already fully discontinued the phone callback option for Health-specific applications. Read more about Health personnel using two-step login to access campus resources at twostep.ucsd.edu.
Please read the following information so you’ll be prepared and can seamlessly access critical services like Canvas, My Tritonlink, Ecotime, UCPath and more.
Duo Phone Callback Phased Retirement Schedule (Based on Six-Month History) Phasing out Duo phone callbacks will be conducted on the following schedule, depending on whether or not you’ve received a Duo phone callback in the past six months:
Academic employees, staff and students who have not received a Duo phone callback in the past six months - November 8, 2022
New users (i.e., new academic employees, staff and students) - November 8
Academic employees and staff only who have received a Duo phone callback in the past six months
November 8 (last names A - B)
November 15 (last names C - G)
After November 15, Duo phone callback retirements will be paused until mid-January in order to avoid disruptions during the remaining weeks of instruction and finals week. Phone callback retirement dates for remaining academic employees, staff, and all students will be announced in coming weeks. Duo phone callbacks for all users will be retired by March 2023.
Preparing for the Transition: Add Another Device for Two-Step Login All users, and especially those who regularly use Duo phone callbacks, can prepare for the transition by reading the Knowledge Base Article “Add Another Device for Two-Step Login” (KB0030104) at support.ucsd.edu.
Push Notifications as Preferred Authentication Method Receiving a push notification on a personal or university-issued smartphone or tablet is the simplest and most secure way to use two-step login. Tomorrow (October 26, 2022), UC San Diego users with a compatible smartphone registered for Duo, but who are not currently receiving Duo push notifications, will receive an email inviting them to do so. Note: the email will be from no-reply@duosecurity.com.
Exception Requests for Disability Purposes Individuals who require the phone callback option when a disability prevents the use of another authentication mechanism are asked to email servicedesk@ucsd.edu. Please do not include any medical or disability-related information in the request.
Questions and Support If you need further help or have specific questions about two-step login, please contact the Service Desk using one of the following methods:
