Skip to main content

Cornell University

About Duo Verified Push

Duo Verified Push is an additional step in the Two-Step Login process that makes your credentials, data, and site access more secure. 

This article applies to: Two-Step Login

On This Page

Learn about the Cornell rollout of Duo Verified Push in IT News!

Duo Verified Push is an additional step in the Two-Step Login process that makes your credentials, data, and site access more secure. 

The Verified push process simply adds entry of a three-digit code to Duo push authentication on your Duo Mobile app. Verified Push does not increase how often you need to use Duo Mobile to verify your logins – it just adds the requirement to enter the three-digit code. 

How Verified Push Works

If you typically use the Duo Push method when logging in to a Cornell IT service that requires Two-Step Login, the Duo browser prompt will include a three-digit code

The Duo Mobile app will include a field to enter the provided code. Simply enter the code, then touch Verify to complete the verification.

Never enter code digits that were not provided by the Duo Prompt during a website login that you initiated.
Two-Step Login process with Duo Verified Push showing Duo prompt providing a three-digit number beside an image of the Duo Mobile app with a three-digit field for entering that number

 

Will Duo Verified Push Affect My Secure Connect or Outlook Logins?

No.

If you use Secure Connect when logging into your device or Cornell IT services, it will not be affected by this change.

A login to Outlook or other Microsoft 365 services, CUView (Appspace), or other services that use Microsoft Azure authentication will generally not be affected.

However, logging in using a new device or browser, or when first logging into a service, will require Duo authentication. 

Why Is Cornell Making This Change?

Cornell recently intercepted a wave of attempts to bypass two-step protections against a sensitive system. This put a spotlight on the very real threat of “push fatigue” and “push harassment” attacks. Adding Verified Push to Two-Step Login is an effective response that will require little extra effort during the authentication process. 

Verified Push has already been enabled for CIT senior leadership, Weill Cornell Medicine, and many other major institutions, with no adverse impact, becoming the new minimum standard for security.

Can I Still Use Other Duo Methods to Authenticate?

For the time being, yes. 

For details on current Two-Step Login authentication methods available at Cornell, visit Log In Using Two-Step Login.

However, Cornell will be moving away from the Duo Phone call and SMS passcode authentication methods. If you regularly use either, you are strongly encouraged to move to Secure Connect or Duo Verified Push now.

Are There Known Issues Using Duo Verified Push?

Minimum versions of OS and Duo Mobile

You may be prompted to update your Duo Mobile app if it is an older version. Duo Verified Push requires:

  • Duo Mobile 4.16.0 or later on Android 8 or later.
  • Duo Mobile 4.17.0 or later on iOS 13 or later.

Smartwatch Users

The vendor is aware of issues using Duo Mobile and Duo Verified Push with Apple Watches. 

  • The Duo Mobile app does not use the Apple Watch keypad when asking for authentication. Depending on your version of Apple Watch, you may be able to use the smaller numeric keyboard, or the Sketch or Speak functions, to provide the verification code. 
  • Android smartwatch users may encounter similar numeric entry issues. 

All smartwatch users should be able to work around this issue by entering the verification code on their phone instead of the watch. 

Consider moving to Secure Connect if you encounter this issue with Duo Verified Push. 

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.