Duo Verified Push & Risk Based Authentication

Question

What is Duo Verified Push?

Answer

Remember: USD IT will never contact you via a messaging app, phone call, or text message asking you to enter a code into your Duo app or asking for a code from your Duo app. If that occurs, assume that your account and password have been compromised and follow Password Change or Reset to reset your password.

Duo Verified Push is when you are prompted to enter six digits during the Duo MFA sign-in process. This occurs during authentication. For details, see https://duo.com/docs/policy#verified-push

Authentication will happen normally; Verified Push is used to protect against:

  • Push Harassment – Multiple successive push notifications to bother a user into accepting a push for a fraudulent login attempt
  • Push Fatigue – Constant MFA means users pay less attention to the details of their login, causing a user to mindlessly accept a push login
  • Login location & Impossible Travel – for example, logins from South Dakota & Germany in the same hour
  • User denying authentication repeatedly or reporting fraud

You will see a numeric six-digit code on your screen that must be entered on your authentication device to approve the Duo Push request. This ensures you cannot accidentally approve login requests when you aren't actively logging in to the application.

What does it look like?

After successfully entering the six-digit code, you will be asked "Is this your device?" Answering Yes will remember that device for future logins for up to 30 days.

Note: Duo may send another Verified Push within the 30 days based on Risk-Based Authentication factors.

What if I don't use the Duo application?

The following factors may be used during a high-risk authentication if the app is not available:

  • Roaming Authenticators – FIDO2-compliant WebAuthn security keys (e.g., YubiKeys)
  • Platform Authenticator – Touch ID using compatible browsers (e.g., Chrome or Edge)

If you need further assistance, please submit your question here