To enhance security against phishing and further protect the Human Capital Management (HCM) system, UTECH Office of Information Security (OSI) is implementing Verified DUO Push as the primary multi-factor authentication (MFA) method.
New Way to Log In: Verified DUO Push
The main security method is changing from the standard DUO Push to Verified DUO Push. This adds an extra step to make sure it's really you logging in:
- After you log in with your CWRU Network ID and password (SSO), a 6-digit code will appear on your computer screen.
- You must manually type this 6-digit code into your DUO Mobile app on your phone to finish logging in.

This prevents someone else from simply pressing "approve" on a push notification if they manage to steal your password.
What You Need to Do Now
To prepare for this change, everyone must take these steps:
- Update the DUO Mobile App: Make sure the DUO Mobile app on your phone is updated to the latest version (version 4.0.0 or higher).
- Download the DUO App (if you don't have it): If you don't have the DUO Mobile app, download it immediately from your device's app store.
- Find a New Method if You Use a DUO Token: If you currently use a DUO Token (the small physical device that generates codes), you must switch to Verified DUO Push (the DUO phone app) or get a YubiKey.
What's Changing: Supported Login Methods
We are removing several older, less secure login methods and only supporting enhanced, more secure authentication methods.
| Login Method | Will This Work for HCM? | Additional Information |
| --- | --- | --- |
| Verified DUO Push (New) | YES (Required) | You must enter a 6-digit code into the DUO Mobile app. |
| FIDO-compliant YubiKeys | YES (Supported) | You must buy this yourself and set it up with DUO. |
| Standard DUO Push (Old) | NO | Replaced by Verified DUO Push. |
| DUO Tokens | NO | Switch to Verified DUO Push or a YubiKey. |
| DUO Mobile Passcodes | NO | |
| Text Message Passcodes | NO | |
| Phone Call Verification | NO | |
| Bypass Codes | NO | |
Need Help?
For questions about this new security update, please contact askinfosec@case.edu.