OFFICE OF THE CHIEF INFORMATION SECURITY OFFICER

OFFICE OF THE CHIEF INFORMATION SECURITY OFFICER,
UC SAN DIEGO HEALTH 

January 9, 2026

Alternate text

ALL ACADEMICS, STAFF, AND STUDENTS AT UC SAN DIEGO, INCLUDING UC SAN DIEGO HEALTH

Retirement of Text Message (SMS) Option for Duo Two-Step Login

Dear UC San Diego Community, 

To help safeguard your accounts and university data, UC San Diego will begin retiring the text message (SMS) passcode option for Duo two-step login. This change is part of our ongoing commitment to protecting our community from modern cyber threats while maintaining a smooth and supportive user experience.  

SMS codes have become increasingly vulnerable to attacks such as SIM swapping, message interception, and phishing. By moving to stronger, phishing-resistant methods like Duo Push, we are making two-step login safer and simpler for everyone. 

What’s Changing

  • What: The text message (SMS) authentication option in Duo will be retired.
  • When: Deprecation for campus users will occur in waves and will take place between late January 2026 through April 2026. Impacted users will be notified via email regarding the timeframe of their transition.
  • Who: All UC San Diego students, academic employees, and staff who currently use SMS codes for Duo authentication. All UC San Diego Health employees who currently use SMS codes for Campus Duo and/or Health Duo authentication.
  • Where: This applies to all UC San Diego applications currently requiring Duo authentication.

How to Prepare

If you currently use text message codes (SMS) as your second login factor, please update your Duo authentication method before your scheduled phaseout:

  1. Set up Duo Push (recommended)
    1. Download the Duo Mobile app on your smartphone or tablet (if you have not done so already).
    2. When prompted to authenticate, choose “Send Me a Push” and tap “Approve” on your device.
  2. For those using the Campus Duo instance for accessing services (such as UCPath): If you don’t have a smartphone or are unable to use it, you can request a hardware token that generates secure passcodes.
    1. Request a token via the ITS Service Desk
      1. Hardware tokens cannot be used to connect to UC Health VPN network or applications.
      2. Hardware tokens are only available for Campus users connecting to the campus VPN network and applications.
  3. Need guidance?
    1. Visit twostep.ucsd.edu for setup instructions and FAQ

Our Commitment to Support

We’re here to ensure your transition is smooth, supported, and straightforward.

  • You’ll receive advance notice and step-by-step instructions before the SMS passcode option is turned off for your account.
  • Service Desk and IT Support are available to walk you through the process.
  • Exceptions can be made in specific cases where accessibility or technology limitations exist.

Why This Matters

This proactive change aligns with our goal to reduce identity-based cybersecurity risks. By retiring SMS, we’re taking a meaningful step towards a safer, more resilient digital environment for everyone at UC San Diego.

Questions and Support

If you have questions or need help transitioning to a new Duo method, please contact:

  • ITS (Campus) Service Desk:
    • Web portal: support.ucsd.edu/its
    • Email: support@ucsd.edu
    • Phone: (858) 246-4357
  • Health Service Desk
    • Web portal: 3help.ucsd.edu
    • Email: 3help@health.ucsd.edu
    • Phone: (619) 543-4357

Thank you for helping us protect our university community. Together, we’re building a safer digital campus. Wishing you a successful and rewarding year ahead.

Best regards,

Arlene Yetnikoff
Chief Information Security Officer, UC San Diego

Scott Currie
Chief Information Security Officer, UC San Diego Health

University of California San Diego, 9500 Gilman Drive, La Jolla, CA, 92093