Over the past three months, 25 Denison accounts were taken over through phishing attacks that tricked people into approving a fraudulent Duo request. While these attacks have not yet led to data loss, this type of attack increases the risk that sensitive information and systems could be compromised.

Starting on Monday, March 23rd, a real-time security check will be added to the Duo login process to detect unusual login activity. If a login appears unusual, such as logging in from a new device and/or location, less-secure verification methods will not be available. 

What you’ll see

• For the vast majority of logins, your login experience will remain unchanged. When using Duo Push, you’ll only need to enter a 3-digit code.
• If an unusual login is detected, a high-security authentication method is required.
  • Less-secure Duo options, including phone calls and text messages, will be unavailable.
  • Duo Push will require a 6-digit code.
• If you receive a Duo verification request that you did not initiate, deny it and change your Denison password immediately to protect your account.

What do you need to do?

• If you already use Duo Push: You’re all set! No action is required.
• If you primarily use Duo phone calls or text messages: Make sure you have a high-security authentication method set up so you can always log in to your Denison account. High-security authentication options include:
  • Duo Push
  • Built-in Device Authenticators such as Apple Touch ID, Face ID, or Windows Hello
  • YubiKey series 4/5 tokens

To learn more about Duo, visit my.denison.edu/duo

• For a list of Duo authentication options, see: “Which Duo MFA authentication method is right for you?”
• To add or update your Duo authentication methods, see: “How Do I Manage My Duo Devices?”

If you have any questions, please contact the Service Desk at (740) 587-6395 or servicedesk@denison.edu.