Reminder - Verified Duo Push for PennKey SSO

10/23/24

Update October 23, 2024: Verified Duo Push for PennKey SSO Apps is now live.

---

To improve the security of PennKey SSO applications including Microsoft O365, on October 23, 2024, Verified Duo Push will replace Duo Push. This change only applies to users who currently use Duo Push as their second factor for authentication. See below for details.

Enhanced Security

Duo Push is one of the ways users can complete the second step of Two-Step Verification when logging into a PennKey-protected service. For users with Duo Push enabled, a notification is sent to the user’s smartphone or tablet to verify identity. Instead of clickable “Deny” or “Approve” options, with Verified Duo Push the user is required to enter a three-digit code (see images below). The code gives added protection against “push harassment” and “push fatigue” cybersecurity attacks where users are spammed with push requests until they reply “yes.”

What Will Change

Only the Duo Push process to establish a PennKey SSO session or log into Microsoft O365 will change. Users will continue to use the Duo Mobile app and other login options as they do today. Changes include:

Comparison of the old Duo Push (left), with the new 'Verified Duo Push' (right)

Users who use Duo Push will be shown a code to enter on their mobile device when responding to the Push instead of the “Deny/Approve” buttons.

Users who do not have Duo Push enabled will still be able to log in the way they do today to access PennKey SSO applications. These users are strongly encouraged to adopt Push to take advantage of the better protection.

Help & Resources

Access ISC’s Two-Step Verification help documentation.
Users can find support contacts on the Two-Step Verification help contacts page.
Support providers may contact ISC Client Care for issues.