2024 Duo MFA Updates

Upcoming Duo MFA Changes

We are excited to announce important updates to the Duo Multi-Factor Authentication (MFA) system. Starting October 2024, there will be three important updates. These changes are part of our ongoing efforts to enhance security and streamline the authentication process for all users.

1. Universal Prompt

SDSU users currently experience the Traditional Duo Prompt when logging into an application protected by Duo MFA. However, in  March 2024, the Traditional Duo Prompt reached the end of support. In October, we will transition to the Universal Prompt. The Universal Prompt provides a simplified Duo experience over the traditional prompt, helping you log in to your applications faster. than before.

Learn More: For full details about Duo's Universal Prompt, visit the vendor webpage, Duo Universal Prompt.

Benefits of the Duo Universal Prompt

 
Universal Prompt Modern Interface

Modern SDSU Duo Portal Interface

While the interface will offer a cleaner and more intuitive design, the functionality will remain the same. You will still be able to manage all your devices in the SDSU Duo Portal.
Universal Prompt Device Options

Streamlined Authentication Process

With a more intuitive layout, you’ll find it easier to navigate through your authentication options like Duo Push, passcodes, and phone calls.
 

2. TOTP (Time-based One-Time Password) 

SDSU Duo Mobile App users currently utilize a HMAC-based One-Time Password (HOTP). A security concern was that unused HOTP codes do not expire. To improve security of these passcodes, we will be transitioning to a Time-based One-Time Password (TOTP).

Learn More: For full details, visit the vendor webpage, Duo Passcodes.

Benefits of TOTP Authentication

 
Duo MFA TOTP

Increased Security

TOTP generates a unique code that changes every 30 seconds, making it more secure than HOTP, which does not expire.

3. Verified Duo Push

Verified Duo Push is a more secure version of Duo Push, requiring users to enter a three-digit code to verify an authentication request. 

Learn More: For full details, visit the vendor webpage, Duo MFA Verified Duo Push.

Benefits of Verified Push

 
Verified Duo Push

Protection Against Fraudulent MFA Requests

Verified Duo Push provides additional security against “push harassment” and “MFA fatigue” by requiring users to enter a three-digit code, rather than “approve” or “deny” options, to quickly identify and thwart potential phishing and other credential-stealing attacks.

What to Expect During the Transition?

There is no action required on your part to initiate these changes. The updates will occur automatically. 

Need Help?

Our IT support team is available to assist you with any questions or concerns you may have during this transition. Please visit https://it.sdsu.edu/get-help for assistance. 

We believe these changes will significantly improve your MFA experience and enhance the security of your university accounts. Thank you for your cooperation and understanding as we implement these important updates.

Get Help

To request a service, please submit a ticket via ServiceNow.

IT Security Office
Administration Building
security.sdsu.edu
IT Self Help Resources

Report an Incident

Please contact the Information Security team immediately if you experience or are aware of any of the following: