Laptop and smartphone showing NetID login prompt. DUO logo.

Enhancing your login security: Important MFA-Duo updates coming soon

Starting June 2, UW–‍Madison will implement 3 important updates to our Duo multi-factor authentication (MFA) service to better protect your NetID account while improving your login experience.

What updates are coming?

  1. Duo Verified Push: With the new Duo Verified Push process enabled, you will enter a 3-digit verification code on your mobile device to approve a login request. This helps prevent accidental approvals and protects against “push harassment” attacks where someone repeatedly sends you login requests, hoping you’ll accidentally approve one.
  2. Extended “Remember Me” time: We’re extending the “Remember Me” function from 12 hours to 7 days. This means you won’t need to complete the MFA-Duo authentication process as frequently when using the same device and browser.
  3. Improved Duo Mobile app passcodes: We’re updating how passcodes work in the Duo Mobile app. Starting June 2, app passcodes will automatically refresh every 30 seconds instead of remaining active until you use them. This makes your account more secure by preventing someone from using an old code.

These changes will not affect other authentication methods. If you use a hardware token, security key or other authentication method instead of Duo Push, your experience will not change.

What does this mean for you?

You don’t need to do anything right now. However, to prepare for these changes:

  1. Update your Duo Mobile app: Make sure you have the latest version from your app store.
  2. Familiarize yourself with Duo Verified Push: When logging in, you’ll see a 3-digit code on your computer screen that you’ll need to enter on your mobile device when approving the login request.
  3. Enjoy fewer login prompts: With the extended “Remember Me” function, you’ll be asked to authenticate less frequently on your devices.
  4. Ask questions early: If you have questions about how these updates might affect you, reach out to the DoIT Help Desk before the June 2 implementation date.

Get to know the Duo Verified Push login experience

When using Duo Verified Push, you’ll still receive a push notification on your mobile device. The difference is that instead of simply tapping “Approve,” you’ll need to enter the verification code shown on your login screen on your mobile device.

MFA-Duo mobile interface showing login options menu, push notification screen, and mobile app with Approve/Deny buttons for UW–‍Madison NetID login.
The current Duo Push mobile phone authentication process asks users to approve or deny login attempts, with a 12-hour “Remember Me” option.
Duo Verified Push passcode verification. Left: computer browser displaying a 3-digit code. Right: smartphone displaying a matching code.
The upgraded Duo Verified Push will ask users to type a 3-digit verification code on their mobile device to approve login attempts, with a 7-day “Remember Me” option.

If you use Duo on an Android or Apple smartwatch, you can enter the verification code using your watch’s keyboard, voice dictation, or other available input methods.

Why are we making these changes?

Many security incidents involving accounts with MFA-Duo enabled occur when people accidentally approve fraudulent push requests or misuse passcodes. These updates will significantly improve our university security, protecting your NetID while making your authentication experience more convenient with fewer prompts.

Dive deeper

Check out these KnowledgeBase articles for more details:

Questions or concerns?

If you have questions about these changes or need help, please contact the DoIT Help Desk: