Latest News
Cornell is in the process of rolling out Duo’s Verified Push feature after a pilot phase with CIT staff and IT Service Group Directors.
During November and December 2024, Verified Push will be enabled first for university employees in administrative units, followed by a rollout to those in academic units including departmental staff, researchers, and faculty.
What Should I Expect?
After Duo Verified Push has been enabled for your account, when you use Duo Push to log into a Cornell web application:
- The Duo prompt in your browser will include a three-digit code.
- Your Duo Mobile app will include a field to enter the provided code. Simply enter the code, then touch Verify to complete the verification. (Never enter digits that were not provided by the Duo Prompt during a website login that you initiated.)
- Verified Push does not increase how often you need to use Duo Mobile to verify your logins – it just adds the requirement to enter the three-digit code.
This change will not affect logins to CUVPN, SSH, RDP or other non-web applications.
Why Is Cornell Making This Change – and Why Now?
Cornell recently intercepted a wave of attempts to bypass two-step protections against a sensitive system. This put a spotlight on the very real threat of “push fatigue” and “push harassment” attacks. Adding Verified Push to Two-Step Login is an effective response that will require little extra effort during the authentication process.
Verified Push is already in use by CIT, the IT Service Group directors, Weill Cornell Medicine, and is in use at other major institutions, with no adverse impact. It has become the new minimum standard for security.
- You are unlikely to notice this change if you are using Secure Connect to log into your device and Cornell web services.
- You will notice this change when using devices or browsers that do not have Secure Connect enabled, and when you log in to services such as Outlook that use Microsoft Azure authentication.
- Contact the IT Service Desk if you encounter issues with this change.
Be Prepared for Future Changes
While other Duo authentication methods continue to be available, Cornell will be moving away from the Duo Phone call and SMS passcode methods in the future.
If you regularly use either, you are strongly encouraged to move to Secure Connect or Duo Mobile app on mobile devices. Watch a short video walk-through about setting up Secure Connect on Cornell-managed devices.
Comments?
To share feedback about this page or request support, log in with your NetID