Alerts Announcements Home Page Feature Maintenance News & Events

November 20: DUO 2FA Changes

The DUO Two-Factor Authentication (DUO 2FA) system will be changed on November 20 to enhance the university’s information security posture.

This change will impact all systems and services which require DUO 2FA.

Why is DUO 2FA Changing?

The current standard DUO 2FA authentication methods, DUO Push and Call Me, prompt us to approve login attempts by either selecting approve in the DUO Mobile App (Push) or by stating approve on a phone call (Call Me).

As nefarious actors’ tools for obtaining login credentials have become more advanced and numerous, the risk of your WashU account being compromised has risen.

If your WUSTL Key username and password were to become compromised it would be easy to accidentally approve a login attempt which you did not initiate using our current methods of Two-Factor Authentication.

The DUO 2FA changes detailed below will help mitigate the risk of your inadvertently approving a login attempt initiated by an individual with nefarious intent.

How is DUO changing on November 20?

DUO Push

Current DUO Push
  1. Enter your WUSTL Key Login information
  2. DUO 2FA Push sends a push to your enrolled mobile device
  3. Open the DUO App on your mobile device
  4. Select Approve
New DUO Push
  1. Enter your WUSTL Key Login information
  2. DUO 2FA Push displays a code on your screen
  3. Open the DUO App on your mobile device
  4. Enter the code presented in Step 2
Please ensure the DUO Mobile App has been updated on your device(s)

If the DUO Mobile App is not updated per the instructions below,
then you will not be able to authenticate using DUO Push on November 20.

Android Devices:
How to View Your Operating System Version and Update It
Apple iOS Devices:
How to View your Operating System Version and Update it
Where can I view my DUO Mobile App version?
  1. Open the DUO Mobile App on your mobile device
  2. Select the Hamburger Icon in the upper left of the screen
  3. The Version number will appear in the lower left of this screen

Call Me and Passcode Available Via Exception Only

Note: Current Passcode exception holders can continue using Passcode Authentication.

What other services are changing on November 20?

Connecting with Virtual Private Network (VPN)

DUO Device Management Portal

  • The DUO Device Management portal, currently in development, will allow you to add and remove authorized mobile devices for your DUO 2FA verifications.
  • You may receive an email notification and a DUO Push notification when devices are added to or removed from your DUO account.
  • This portal will be used to sign up for DUO as well.

New Authentication Methods are in Development

  • We are currently developing alternate authentication methods to the DUO Push.
  • Additional information will be distributed as these alternate methods are developed.

We thank you in advance for assisting us in enhancing information security at WashU.

While improved systems and processes can help improve the university’s information security posture, our collective efforts as people truly ensure it.