How Verified Push differs from standard Multi-Factor Authentication (MFA) push, and why it's essential for account security at RPI.
Duo Verified Push enhances the security of conventional MFA by requiring you to enter a code on your device to complete the login. You will no longer be offered the option to approve or deny a Duo push notification without entering the code provided during the login process.
This added layer of security helps individuals quickly identify and thwart potential phishing and other credential-stealing attacks. Duo Verified Push can reduce the likelihood of accidental approval of malicious login attempts.
Verified Push only works when combined with the Duo mobile app. Phone call and SMS authentication are unsupported. Hardware token usage is unchanged as well.
Duo app-based MFA prompts individuals to accept or deny a login with a push notification to their device. The login flow generally looks like this:
1. User logs in with RCSid and password
[RCSID login page]
2. Duo sends push to the device
[DUO standard push notification page]
3. The individual needs to approve the push.
[Screenshot from phone of DUO push approval]
Once individuals are enrolled in Verified Push, the workflow is:
1. Individual logs in with RCSid and password
[RCSID login page]
2. Duo sends push to the device, but this time a code is also shown on the device displaying the login screen
[DUO notification]
3. The Duo app on your phone requests the code to approve the login. Individuals will enter the 3-digit code from the device's screen and tap Verify.
[Screenshot of pin entry in mobile app]
- The Apple Watch experience is degraded. The full QWERTY keyboard makes entering the code a challenge. As an alternative, you can draw or dictate your code.
- On iOS, the numeric keyboard is only launched in the Duo app. If you attempt to approve directly from the notification, you will get the QWERTY keyboard. The approval still works, just less smoothly.
Last Reviewed: 11-May-2023