DUO Verified Push enhances the security of conventional two-step login by requiring you to enter a code on your device to complete the login. This added layer of security during authentication, helps individuals quickly identify and reduce potential phishing attempts including accidental approval of malicious logins.
What is Risk-Based Authentication?
Authentication happens normally unless DUO determines an authentication attempt is unusual or higher risk through a combination of factors:
- User marked fraud: A user has indicated they weren’t responsible for a login by marking it as suspicious in the Duo Mobile app.
- Push harassment: A pattern of failed authentications is consistent with an adversary performing a targeted push harassment attack against a single user.
- Push spray: A pattern of failed authentications is consistent with an adversary performing a non-targeted push attack against multiple users.
- Unrealistic travel: A user attempts to authenticate from a new location that would be impossible to reach based on the past authentication time and location.
- Country code mismatch: The authentication device and access device appear to be in two different countries.
- Novel ASN: A user attempts to authenticate from an autonomous system number (ASN) not seen in the organization’s recent history of successful authentication.
If DUO detects a high-risk condition
The authentication will require a stronger second factor, typically a Verified Push, where you will need to enter the 6-digit number from the webpage into your DUO Mobile application.
What if I don’t use the Duo application?
The following factors may be used during a high-risk authentication if the app is not available:
- Bypass codes – Bypass codes provided by the Help Desk
- Roaming and platform authenticators – WebAuthn FIDO2 security keys with biometric or PIN verification, and authenticators or biometric sensors built into the device like Touch ID or Windows Hello