As part of our ongoing commitment to secure our systems and communications, we’re writing to announce some enhancements to both campus and health multifactor authentication (Duo) procedures. We are taking this action because increasingly the industry is seeing successful attacks that are exploiting passcodes generated through multifactor authentication apps.
To reduce the possibility of such instances, effective August 19, 2024, both campus and health IT will jointly implement a 30-second limit on passcodes that appear in the app. If the displayed passcode is not used within 30 seconds, a refreshed passcode will automatically appear in the app and be valid for another 30 seconds.
Additionally, please note that this new functionality works only using the Duo mobile app v4.49 or later. If you use a version earlier than 4.49, you’ll need to update your app in order to continue to utilize passcodes.
We recognize this change may interrupt how you authenticate using Duo. Please contact the respective campus and health service desks to explore alternative authentication methods if necessary.
Finally, as a quick reminder, we both recommend push notifications via the Duo mobile app as your primary way to authenticate.
Questions and Help
If you need further help or have specific questions about this matter, please contact the relevant service desk.
