Starting June 2, UW–Madison will implement 3 important updates to our Duo multi-factor authentication (MFA) service to better protect your NetID account while improving your login experience.
What updates are coming?
- Duo Verified Push: With the new Duo Verified Push process enabled, you will enter a 3-digit verification code on your mobile device to approve a login request. This helps prevent accidental approvals and protects against “push harassment” attacks where someone repeatedly sends you login requests, hoping you’ll accidentally approve one.
- Extended “Remember Me” time: We’re extending the “Remember Me” function from 12 hours to 7 days. This means you won’t need to complete the MFA-Duo authentication process as frequently when using the same device and browser.
- Improved Duo Mobile app passcodes: We’re updating how passcodes work in the Duo Mobile app. Starting June 2, app passcodes will automatically refresh every 30 seconds instead of remaining active until you use them. This makes your account more secure by preventing someone from using an old code.
These changes will not affect other authentication methods. If you use a hardware token, security key or other authentication method instead of Duo Push, your experience will not change.
What does this mean for you?
You don’t need to do anything right now. However, to prepare for these changes:
- Update your Duo Mobile app: Make sure you have the latest version from your app store.
- Familiarize yourself with Duo Verified Push: When logging in, you’ll see a 3-digit code on your computer screen that you’ll need to enter on your mobile device when approving the login request.
- Enjoy fewer login prompts: With the extended “Remember Me” function, you’ll be asked to authenticate less frequently on your devices.
- Ask questions early: If you have questions about how these updates might affect you, reach out to the DoIT Help Desk before the June 2 implementation date.
Get to know the Duo Verified Push login experience
When using Duo Verified Push, you’ll still receive a push notification on your mobile device. The difference is that instead of simply tapping “Approve,” you’ll need to enter the verification code shown on your login screen on your mobile device.


If you use Duo on an Android or Apple smartwatch, you can enter the verification code using your watch’s keyboard, voice dictation, or other available input methods.
Why are we making these changes?
Many security incidents involving accounts with MFA-Duo enabled occur when people accidentally approve fraudulent push requests or misuse passcodes. These updates will significantly improve our university security, protecting your NetID while making your authentication experience more convenient with fewer prompts.
Dive deeper
Check out these KnowledgeBase articles for more details:
Questions or concerns?
If you have questions about these changes or need help, please contact the DoIT Help Desk:
- Phone: 608-264-4357 (HELP)
- Email: help@doit.wisc.edu
- Chat with a Help Desk agent
- In person: Computer Sciences Building, 1210 W Dayton St
- Hours: 7am to 11pm, 7 days a week (except for some holidays and breaks)