News & Updates • September 26, 2024
Increased Duo Protections for NAU Students
Beginning on October 8th, NAU users are required to enter a three-digit code to successfully validate with Duo.
Beginning on October 8th of 2024, NAU students will be required to enter a three-digit verification code when authorizing into NAU services with Duo Two-Step Verification. This announcement comes six months after the release of the same protections for NAU Employees.
Increased cyber threats targeting NAU students
These increased protections come at a time of increased cyber attacks targeting NAU students. We’ve seen cybercriminals targeting students in a variety of ways, including phishing emails, and other fake incentives such as internships or job offers that seem too good to be true.
How the process works
When you go to log into a product or service that requires Duo verification, you’ll receive a three-digit code in your web browser or application window. You’ll enter this code in your Duo Mobile application on your enrolled device to complete the login process. After you enter the three-digit code, you’ll be able to log in as you experienced previously using Duo.
If you use a physical Two-Step fob device to authenticate with Duo, you won’t see any changes in behavior when logging in.
For Apple Watch owners—you’ll still be able to use an Apple watch to complete the login process, using the watch’s on-screen keyboard to input the code when receiving a Duo push notification.
How this change protects you
When an NAU user’s account information is compromised, cybercriminals will spam a user with Duo push notifications until a user mistakenly accepts a request, granting the malicious entity access to their account. This concept is often referred to as “MFA Fatigue”.
This change reduces the attack vector for a cybercriminal by adding another layer of action into the login workflow and reducing MFA fatigue on users.
Never share your NAU password
We’d like to remind you to never share your NAU password with anyone, for any reason. This includes friends, spouses, parents, or guardians. If you need assistance with account access, authorized user payments, or other functionality that would bring you to consider sharing your password, contact the ITS Service Desk. We’ll help you with your request while keeping your account secure.
Remember, the easiest vulnerability for a cybercriminal to exploit isn’t the technology—it’s you. Sharing your NAU password with anyone carries a high risk for you and your loved one’s financial, health, and identifiable information.
User experience improvements to follow increased protections
With the increased cyber protections rolling out to the entirety of NAU’s population, we’re able to roll back legacy protections that are no longer necessary and provide you with a more seamless and streamlined experience using NAU technologies. A recent example of this includes when we rolled back the requirement for users to change their passwords every three months when Duo was implemented in 2022.
With the rollout of these new protections in 2024, we’re able to start working on more ways to streamline your experience using NAU technology products and services, while still keeping your information secure.