Duke is enhancing its online security measures to protect users and their data. As a result, several changes will be implemented across Duke University, Duke Health, and Duke Kunshan in the next several months featuring three key cyber security tools: Duo Mobile, Duke Unlock, and 1Password.
This change is in response to increasing malicious attempts to access Duke accounts through schemes like phishing, smishing, and SIM swapping. A compromised account can lead to unauthorized access and service disruption. These changes to MFA will further enhance account security by protecting against unauthorized access to sensitive information.
- Duo Mobile provides a quick and secure method to verify your identity.*
- Duke Unlock is a key part of our MFA approach, offering a fast, secure, and password-free way to log in.
- 1Password is a tool used to safely store and manage passwords, available at no cost to all Duke faculty, staff, and students.
*Effective Feb. 8, 2025, Android users will need Android 11 to access Duo Mobile. The current version of Duo Mobile supports iOS 15.0 and higher. Effective Feb. 17, 2025, Apple users will need iOS 16.
Duo Support Drop-In Session (Virtual)
2-4 p.m., Tuesday, Jan. 7, 2025
10-11:30 a.m., Thursday, Jan. 16, 2025
Representatives from OIT will be available during this 90-minute slot to assist members of the Duke community with setting up Duo Mobile on their eligible devices.
*For university students, faculty, and staff only.
Zoom link: https://duke.zoom.us/j/92310520848?pwd=KM3MN6ku8bnaUPlun0t1Rb3S400Bqi.1&from=addon
For those who use SMS/Text or Phone Calls to Authenticate
Those using SMS/text and phone calls to access Duke resources are encouraged to register eligible devices with Duo or purchase a YubiKey by March 31, 2025.
Duo is a service you can use for multi-factor authentication. By downloading the Duo Mobile application and registering your mobile device with Duo, you can authenticate by:
- Choosing to receive a Duo Push notification to your mobile device,
- Generating a passcode with Duo Mobile, or
- Generating a passcode with a YubiKey--a hardware token that plugs into your computer’s USB port.
Other Security Enhancements
- Extended “Remember Me” Period: You only need to re-authenticate every five days instead of three (72 hours).
- MFA On- and Off-Campus: Starting March 31, 2025, everyone with a Duke NetID will need to use multi-factor authentication regardless of location.
- Enhanced Password Checks: New or updated passwords are automatically checked against a database of known compromised passwords. If a password isn’t secure, you’ll be prompted to choose a safer one.
Glossary
A password management service that allows users to create, manage, and store credentials and other secrets, as well as check for compromised accounts using 1Password’s built-in Watchtower tool.
The process of verifying a user’s identity for access to a device, account, or system.
Bio (life) - Metrics (to measure) is used as a way of authenticating users based on a user’s unique fingerprint or iris.
An application that allows users to access web-based content.
An authenticator that is built into an operating system, without the need to download an additional authenticator application.
Or CRV, is a series of security questions such as “What is your favorite place of travel?” to verify a user.
A passkey-based browser authentication service developed at Duke that offers an alternative to Duo for multi-factor authentication.
An authentication service that verifies users via push notifications or passcodes.
An application developed by Duo to provide authentication services on Android and iOS devices.
A method of authentication where the user receives a notification to either Approve or Deny access.
Often called two-factor authentication (2FA), enhances security by requiring users to provide multiple authentication factors, such as a passkey, token, or biometric.
Known as Open Authorization, it is an authorization protocol commonly used with cloud and application services to grant sign-in.
A series of digits a user must enter on their screen to confirm their identity.
Allows users to log into apps, services, and websites without using a username and password combination. Instead, passkeys use cryptographic keys (public and private keys) that are stored locally on your device or in the cloud (e.g., iCloud).
A string of unrelated words usually comprised of letters and sometimes numbers and symbols. Passphrases are meant to be easier to remember and type than a standard password.
A verification of a password against known compromised passwords and security requirements (password length and complexity).
A tool used to store and manage passwords. Duke recommends 1Password.
Also known as text messaging.
Also known as a security token, it is used to verify a user. Tokens can be physically connected to a system such as a YubiKey, physically disconnected from a system such as the Duo App, or contactless using wireless/RFID/Bluetooth connectivity (DukeCard readers).
A hardware security token (physical media) used to authenticate a user by connecting to a laptop or other user-owned physical device that has a USB port.
Get Help
- Contact your local IT support
- Contact the OIT Service Desk
- Duke Health: Contact the DHTS Service Desk
- Duke Kunshan: Email the DKU Service Desk