DUO Verified Push and Risk-Based Authentication

DUO Verified Push enhances the security of conventional two-step login by requiring you to enter a code on your device to complete the login. This added layer of security during authentication, helps individuals quickly identify and reduce potential phishing attempts including accidental approval of malicious logins.

What is Risk-Based Authentication?

Authentication happens normally unless DUO determines an authentication attempt is unusual or higher risk through a combination of factors:

Logon location and impossible travel – such as login from Idaho and Amsterdam in the same hour
Users denying authentication repeatedly or reporting fraud
Login to multiple user accounts from the same session
Logon from a new, unremembered device in combination with other factors

If DUO detects a high-risk condition

The authentication will require a stronger second factor, typically a Verified Push, where you will need to enter the 6-digit number from the webpage into your DUO Mobile application.

DUO Verified Push - Web Prompt DUO Verified Push - DUO Mobile App prompt

What if I don’t use the Duo application?

The following factors may be used during a high-risk authentication if the app is not available:

Bypass codes – Bypass codes provided by the Help Desk
Roaming and platform authenticators – WebAuthn FIDO2 security keys with biometric or PIN verification, and authenticators or biometric sensors built into the device like Touch ID or Windows Hello

Tagged in: Duo Two Step Login