The Office of Information Technology will implement Verified Duo Push, a more secure version of Duo Push, which requires users to enter a three-digit authentication code.
The Office of Information Technology (OIT) is taking steps to reinforce Georgia Tech’s defenses against cyberattacks such as Duo two-factor authentication push scams. These measures include the strengthening of security of logins to Institute systems by implementing Verified Duo Push by the end of business day, Monday, June 24.
Verified Duo Push is a more secure version of Duo Push, the current two-factor authentication system used by Georgia Tech that adds a layer of security to campus online accounts. Verified Duo Push provides additional security against “push harassment” and “push fatigue” by requiring users to enter a three-digit code, rather than “approve” or “deny” options, to verify an authentication request. Codes expire after 60 seconds.
Verified Duo Push also provides improved fraud reporting by directing users to a fraud-report option in the Duo Mobile application when they receive unexpected Duo Push login requests.
Verified Duo Push requires Duo Mobile 4.16.0, or later, on Android devices (Android 8 or later; 2017 or newer) or Duo Mobile 4.17.0, or later, on Apple devices (iOS 13 or later; iPhone 6s, 2015 or newer). You can learn more about Verified Duo Push and its requirements for use in the Georgia Tech knowledge article, “How to Use the Verified Duo Push Authentication Method (KB0043706).”
While disruptions during the implementation period are not expected, if you experience issues or have questions, please submit a help request by visiting services.gatech.edu.
If you ever suspect that you are being targeted by a Duo phone or push fraud, or believe that your Georgia Tech accounts have been compromised, contact OIT’s Cyber Security Operations Center at soc@gatech.edu. Always forward suspicious emails, as attachments, to phishing@gatech.edu.