Skip to main content

Cornell University

When to Deny a Two-Step Login Request

If you get a request you weren't expecting, don't accept it.

This article applies to: Two-Step Login

On This Page

When You Should Deny a Request

Only approve Duo (Two-Step Login) prompts when you generated the request. With the Duo Push method, the Duo Mobile app displays the name of the service being signed into and the location of the login attempt. If the information doesn't match what you are doing or where you are, select Deny

Do not approve a Two-Step Login prompt if:

  • You are not expecting it.
  • It's not for an app you are starting to use right now.
  • It shows a different location from where you are.

When you deny a Duo request, you'll be asked, "Was this a suspicious login?"

  • If it seems suspicious, then select Yes to report it to the IT Security Office.
  • Choose Yes if you suspect someone is trying to access your account.
  • Choose No if you selected Deny accidentally.

If another person tries to use your password, when  you receive a Duo Push notification on your mobile device, click Deny, then confirm the suspicious login by clicking Yes

Your Location and Privacy

Duo does not track your exact location. It only records broad geographic data for the city or country where the login originated, such as "Ithaca, NY, US." Duo only records a location at the time of the login attempt.


To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.