Duo - Verified Push and Risk-based Authentication

Overview

Risk-based authentication occurs when the Duo Security service detects suspicious authentication behavior on an account. When suspicious behavior is detected, Duo will initiate a Verified Push process to further safeguard your account. Details of the Verified Push process can be found on Duo Security's website.

When will I be prompted for Risk-based authentication via Verified Push?

Duo will require a Risk-based Authentication in the following high-risk circumstance:

  • User marked fraud: A user has indicated they weren’t responsible for a login by marking it as suspicious in the Duo Mobile app.
  • Push harassment: A pattern of failed authentications is consistent with an adversary performing a targeted push harassment attack against a single user.
  • Push spray: A pattern of failed authentications is consistent with an adversary performing a non-targeted push attack against multiple users.
  • Unrealistic travel: A user attempts to authenticate from a new location that would be impossible to reach based on the past authentication time and location.
  • Country code mismatch: The authentication device and access device appear to be in two different countries.
  • Novel ASN: A user attempts to authenticate from an autonomous system number (ASN) not seen in the organization’s recent history of successful authentication.

What does a Verified Push look like, and how is it different than a regular Duo push?

When Duo identifies an authentication attempt from an account that falls into one or more of the high-risk circumstances listed above, a Verified Push will be initiated.

  1. The page you are authenticating to will display a 3-6 digit code that you will need to enter in the Duo mobile app.


     
  2. The Duo mobile app will prompt you to enter the code displayed on the webpage. It will also include the location, if known, of the suspicious login attempt.


     
  3. Once you enter the code, you will be able to click the Verify button to log in.

What if I don't use the Duo mobile app?

If you do not use the Duo mobile app and cannot receive a Verified Push, you will still be able to authenticate using one of the following secure authentication mechanisms:

  • Security Token (such as YubiKeys)
  • TouchID (if your device and browser support it)
  • Bypass code. A bypass code can be generated by Help Desk Central after performing a visual verification. Visual verification can be done either in person at HDC or by a Zoom video conference. Call 979-845-8300 for assistance.
Was this helpful?
0 reviews
Print Article