Duo Verified Push and Risk Based Authentication

Upcoming Change

Starting September 12th Risk Based Authentication will only work with following methods:

  • Duo Mobile
  • FIDO or WebauthN - including Apple fingerprint reader or Yubikey, if enrolled
  • Bypass code provided by your TSP or Duo admin

*Passcodes will no longer work.

Overview

Duo "Verified Push" is when you are prompted to enter 3 digits during the Duo MFA sign-in process. This typically occurs when a risk has been identified during authentication. https://duo.com/docs/policy#verified-push

 

What is Risk-Based Authentication?

Authentication happens normally, unless Duo determines an authentication attempt is unusual or higher risk through a combination of factors:

  • Logon location and impossible travel - such as logon from Idaho and Amsterdam in the same hour
  • User denying authentication repeatedly, or reporting fraud
  • Logon from a new, unremembered device in combination with other factors
  • Logon to multiple user accounts from the same session

 

What does this look like?

If Duo detects a high risk condition, the authentication will require a stronger second factor, typically a Verified Push, where you will need to enter the 3-6 digit number from the webpage into your Duo Mobile application.  

Web Page display numberDuo Mobile verification prompt

 

What if I don't use the Duo application?

The following factors may be used during a high risk authentication if the app is not available:

  • FIDO or WebauthN - including Apple fingerprint reader or Yubikey, if enrolled
  • Bypass code provided by your TSP or Duo admin

After September 11, 2023 the following methods will not work for a high risk authentication:

  • SMS passcodes
  • Duo mobile passcodes
  • Hardware tokens (fobs)

 

 

 

 

Report Problem Print Article

Details

Article ID: 2368
Created
Wed 11/2/22 11:25 AM
Modified
Tue 5/14/24 1:20 PM

Related Articles (2)

Information on DUO tokens
This is a tutorial for how to add and manage your Duo devices.

Related Services / Offerings (1)

To reset your password yourself go to the Password Reset Tool at https://help.uidaho.edu/security/reset/. If you have already changed your password and still cannot access services, please send an email from any account to support@uidaho.edu.  Please include your NetID, Vandal Number, an any error messages you receive in your email.