Introducing Verified Duo Push

We are implementing changes due to the recent phishing attacks that have targeted our university. Unfortunately, some individuals have fallen victim to these attacks by either mistakenly approving unauthorized Multi-Factor Authentication (MFA) push notifications or disclosing their Duo passcodes to the attackers.

DO NOT share your CSUSM password, Duo Passcode, or Duo Authentication numbers with anyone. If someone asks you for any of these via email or text message consider them suspicious and do not respond; first reach out to abuse@csusm.edu. This goes for any any suspicious activity, please report and get a second opinion.

Verified Duo Push

In early April, 2024, we will be implementing the following changes to the Duo push method; however, if you currently using a fob in order to mutlifactor authenticate into Duo your process will not be affected.

Here’s how it works

1. Log-in as normal, with campus credentials.

2. You will be prompted on device you are attempting to log-in on with three numbers.

3. Then you will go to your DUO mobile app to enter the three numbers displayed on your device.

4. Enter the correct three numbers and you will succesfully be logged in; however, if you enter incorrect numbers you will recieve the following prompt on your computer to "Try again".

 5. Lastly, if you recieve a prompt on your Duo app and you were not attempting to login, please click the "I'm not logging in" option and report it as a suspicous login to prevent further attempts.

      

 6. If you do not have the correct version of Duo Mobile App you will experience the following:

      a) You will see the code in the screen.

      b) You will get a regular push.

      c) When they click approve it will tell you to “update to the latest version of Duo Mobile”.

      d) Your authentication will fail.