Skip to main content

Cornell University

IT@Cornell

Latest News

''

Cornell will soon begin rolling out Duo’s Verified Push feature after a pilot phase with CIT staff and IT Service Group Directors. 

In the next several weeks, Verified Push will be enabled first for university employees in administrative units, followed by a rollout to those in academic units including departmental staff, researchers, and faculty.

What Should I Expect?

After November 7, if you use Duo Push when logging in to a Cornell web application, the Duo prompt in your browser will include a three-digit code.

Your Duo Mobile app will now include a field to enter the provided code. Simply enter the code, then touch Verify to complete the verification.

Verified Push does not increase how often you need to use Duo Mobile to verify your logins – it just adds the requirement to enter the three-digit code.

This change will not affect logins to CUVPN, SSH, RDP or other non-web applications.

Two-Step Login process with Duo Verified Push showing Duo prompt providing a three-digit number beside an image of the Duo Mobile app with a three-digit field for entering that number


Why Is Cornell Making This Change – and Why Now?

Cornell recently intercepted a wave of payroll theft attempts. This put a spotlight on the very real threat of “push fatigue” and “push harassment” attacks. Adding Verified Push to Two-Step Login is an effective response that will require little extra effort during the authentication process. 

Verified Push is already in use by CIT, the IT Service Group directors, Weill Cornell Medicine, and is in use at other major institutions, with no adverse impact. It has become the new minimum standard for security.

  • You will likely not notice this change if you use Secure Connect when logging into your device or Cornell IT services but will encounter it on devices that do not have Secure Connect enabled.
  • You may notice this change when you are required to login to services such as Outlook that use Microsoft authentication, or when logging in using a new device or browser.
  • Contact the IT Service Desk if you encounter issues with this change.

Be Prepared for Future Changes

While other Duo authentication methods continue to be available, Cornell will be moving away from the Duo Phone call and SMS passcode methods in the future. If you regularly use either, you are strongly encouraged to move to Secure Connect or use the Duo Mobile app on mobile devices.

Tags

Two-Step Login
duo verified push
Duo
cybersecurity
two-factor authentication

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.