Friday, April 4, 2025

Cyberattacks targeting payroll and direct deposit information are on the rise, and the University of Iowa is taking steps to protect you. Starting April 17, 2025, Duo Verified Push will be enabled campuswide—including health care—to strengthen two-factor authentication.

This new security feature will require users to enter a three-digit code presented on screen into the Duo Mobile App when a service requires two-factor authentication. 

A screenshot of a web application showing a 3-digit code "803"
Screen shot of website login page where "803" is entered into the keypad

Recent attacks have highlighted the need for more secure authentication methods. Bad actors have used compromised credentials to repeatedly trigger Duo push notifications, leading users to approve the requests out of annoyance, thereby granting unauthorized access. Duo Verified Push aims to mitigate this risk by adding an extra layer of security with the three-digit code.

Not everyone will notice or see the change immediately as the two-factor authentication is typically “saved” for 30 days for web-based apps.  

Instructions and frequently asked questions about the change can be found on the Information Technology Services (ITS) website.

“The University of Iowa Information Security and Policy Office has identified cybersecurity threats targeting payroll and direct deposit information,” says Chief Information Security Officer Zach Furst. “Employees are urged to remain vigilant and follow best practices to avoid scams. By staying aware and using security tools like Duo, employees help keep their information and the university secure."

Services and websites that require Duo login include MyUI, ICON, Office 365, and Employee Self Service, amongst others. 

This change will only impact users who use the "push" method for Duo authentication; those using SMS/voice will see no change and continue functioning as they do today. However, SMS/voice prompts for authentication approvals will be phased out over time to reduce costs and enhance security. 

As always, if you think your credentials might be compromised, reset your password as soon as possible. If you have questions, please reach out to the Information Technology Services at 319-384-4357 or the Health Care Information Systems Help Desk at 319-356-0001.

Related service(s)
Two-Step Login with Duo Security