Strengthen Account Security With Duo Two-Factor Authentication
Wednesday, October 9, 2024
In Week 2 of Cybersecurity Awareness Month, the Department of Information Technology is sharing best practices for using Duo Two-Factor Authentication (2FA) to enhance your account security and protect against unauthorized access. As cyber threats become more prevalent and sophisticated, passwords alone are no longer sufficient to protect your accounts. Adding 2FA provides an extra layer of security by requiring a second form of verification, ensuring that even if your password is compromised, your account remains protected.
How Duo Works – And What to Watch Out For
All Seton Hall users are required to enroll in 2FA. When you log into your account with your Seton Hall credentials, Duo provides several options for verifying your identity. You can choose to receive a push notification on your mobile device, a text message, a phone call, or use a passcode generated by the Duo app. Always review the notification details to ensure you are approving your own login attempt. If you’re unsure or did not initiate the request, it’s safest to deny the notification.
Hackers use different tactics to trick you into bypassing 2FA. Here are some scams to watch out for:
Phishing Scams: Duo will never send emails warning that "your MFA is about to expire" or ask you to scan QR codes. Always log in through PirateNet directly and report suspicious emails to IT Security by clicking the Report Phishing button on your Outlook toolbar.
Phone Scams: Seton Hall’s IT staff will never call you asking for your Duo code. If someone does, hang up immediately and change your password.
MFA Fatigue: Hackers may send multiple Duo notifications to your phone in quick succession, hoping you'll approve one by mistake. If you receive repeated requests that you didn’t initiate, deny them – this is a red flag.
Best Practices for Duo 2FA
Authenticate Only When Prompted by Duo: Duo will prompt you to authenticate only when you log in or need to re-authenticate. If you haven't received an authentication prompt recently, review your Duo authentication preferences or contact the Technology Service Desk via a service desk ticket to ensure your Duo account is properly configured.
Opt for the Duo Push Authentication Method: Duo Push offers significant advantages over phone calls or SMS for multi-factor authentication. It provides enhanced security, as it's less susceptible to interception and social engineering attacks. With Duo Push, logging in is more convenient; you can approve access with a single tap on your mobile device. Additionally, the Duo Mobile app remains reliable even in low signal areas, ensuring you can always authenticate securely no matter where you are.
Verify Every Duo Push Notification: Always review details in a Duo notification, such as the location and time of the login attempt. Approve only if they match your recent activity. If anything seems unfamiliar, deny the request to protect your account. When a notification is denied, IT Security is automatically alerted and can initiate an investigation to ensure your account remains secure.
If you experience suspicious Duo-related requests, contact the Department of Information Technology by submitting a service desk ticket on the Technology Service Desk portal. This will allow IT Security to investigate and protect your account.
Categories: Science and Technology