IT Service Status

Duo MFA Changes Coming on July 10

Northwestern IT’s Multi-factor Authentication (MFA) Enhancement project is underway to better protect our community of users and systems against evolving cyberattacks designed to get through existing MFA protections. The project includes turning off the options to receive SMS text message passcodes or a phone call and enabling Duo’s new Verified Push on Wednesday, July 10.

All students, faculty, staff, and affiliates received an email announcing the upcoming changes on Thursday, May 16. Individuals already using the Duo app and running version 4.16 (or higher) on Android and 4.17 (or higher) on iOS do not need to do anything now. The user experience will remain unchanged until Northwestern IT enables Verified Push. Users can learn how to check their app version in this Knowledge Base article. To download the Duo app, visit the Apple App Store or Google Play.

SMS Text Message Passcode and Phone Call Users Should Act Now

The most significant change is for anyone currently using SMS text message passcodes or phone calls to authenticate into University systems and applications. These users should switch to the Duo Mobile app as soon as possible to avoid any interruption to their access. The Northwestern IT Knowledge Base provides detailed information on transitioning from SMS text message passcodes and phone calls. Users can also contact the Northwestern IT Service Desk at consultant@northwestern.edu or 847-491-4357 (1-HELP) for assistance.

“The Duo Mobile app is the supported solution for MFA at Northwestern,” said Brandon Grill, senior director of technology planning and security in Northwestern IT. “Cybercriminals continue to innovate and refine their attempts to phish for information and credentials. As a community, we must remain vigilant and do everything we can to protect our systems and the data within them.”

What is Verified Push?

[Image: Duo MFA enhancement with code]

Verified Push introduces a new verification code solution for Duo Push. It provides additional security against push harassment and fatigue attacks by asking users to enter a verification code while approving an authentication request. When enabled, users logging into an application that requires MFA will see a six-digit numeric code in the prompt (see the sample image). Users must then enter this code on their authentication device to approve the Duo Push request. This change in method ensures users cannot accidentally approve login requests.

Is Duo Push the Only Option for MFA?

As a reminder, the Duo Mobile app is the supported solution for MFA. If the Duo app cannot be used, other options are available. Learn more about alternate MFA solutions.

Support Options

Users can direct questions about MFA or switching to the Duo Mobile app to IT staff in the schools and units or to the Northwestern IT Service Desk at consultant@northwestern.edu or 847-491-4357 (1-HELP).

The University community will also receive multiple email reminders before the change takes effect on Wednesday, July 10.