[ad_1]
Users of the University of Michigan’s Cisco Duo two-factor authentication system are now required to use a new security feature designed to enhance login protection. The update, called Duo Verified Push, asks users to enter a three-digit verification code when completing Duo push notifications. This change took place across all three U-M campuses.
The new update aimed to add another layer of defense against phishing and identity theft. According to an announcement from the University on Sept. 11, this change does not impact the frequency of prompts. Users need to input the verification code displayed on their mobile devices before tapping “verify” to complete their login. Members can still set up biometric authentication on their devices to log in with a fingerprint or facial recognition instead of confirming a push notification.
Ravi Pendense, U-M vice president for information technology and chief information officer, explained the motivation behind the update in an email to The Michigan Daily.
“This update will greatly strengthen our digital security,” Pendense wrote. “It also enhances the university’s defenses against phishing and identity theft. A recent advisory from the FBI and the U.S. Cybersecurity & Infrastructure Security Agency underscores the importance of implementing stronger authentication measures to defend against evolving cyber threats and secure sensitive information.”
Duo identified that push-based authentication can be susceptible to tactics such as push harassment and fatigue, where attackers attempt to trick or frustrate users into approving fraudulent logins. By introducing a required verification code, the University aims to address these vulnerabilities and improve overall cybersecurity.
LSA junior Isabella Meredith expressed her concerns about the inconvenience of the new process in an interview with The Daily.
“We are logging onto our Canvas or Wolverine Access multiple times a day,” Meredith said. “I appreciate that they’re trying to protect our safety, but they should send out a poll or something to the students and ask us how we want to do it.”
Pendense said while he recognizes that the update might impact user experience, he believes it is a small price to pay for stronger cybersecurity.
“This additional step adds an important layer of security to our authentication process,” Pendense wrote. “It will protect our data, our community, and each one of us. … It only replaces pressing a button with entering a short three-digit code. This small action will make a big difference in enhancing our cybersecurity defenses.”
In addition to updating the Duo Mobile app to the latest version available from app stores, users also need to use Duo for Microsoft 365 and Teams logins beginning Wednesday.
In an email to The Daily, J. Alex Halderman, director of the Center for Computer Security and Society, highlighted the potential consequences of a security breach.
“There’s a lot at stake if your university account is compromised, even for students, since your university email can act like a ‘master key’ to your online life,” Halderman said. “Your bank, online shops, and social media site(s) will often let someone reset the password with only access to your email account. Attacks like this are all too common, so it’s important for everyone to ensure that their university account is well secure.”Daily Staff Reporter Emma Spring can be reached at sprinemm@umich.edu.
Related articles
[ad_2]
Source link