1. When logging in to a UI service requiring Two-Step Login using a web browser, a Duo Verified Push prompt like the sample below will display on your computer or other device, showing a unique three-digit code.

   

2. Enter that code into the Duo Mobile app on your smartphone or tablet, as shown below, then choose the blue Verify button.

   

NOTE: If the Duo Mobile app on your smartphone or tablet ever displays the above screen when you're not logging in, choose the red I'm not logging in button. That will alert IT staff to potential malicious activity.

Requiring a three-digit code helps prevent “push fatigue” or “push harassment,” which are cyberattacks where hackers attempt to compromise resources by repeatedly sending verification pushes when you have not initiated the verification.

By sending pushes repeatedly, hackers hope you will become confused or frustrated by repeated pushes, which will trick you into approving illegitimate access. Adding the three-digit code helps to ensure that the push is a legitimate verification request you made. 

If there are multiple declined or incorrect login attempts, IT security will be notified of the security risk. Only approve pushes for requests that you have initiated, and do not provide the three-digit code to anyone.

No. Unfortunately at this time, Verified Duo Push is not compatible with smartwatches. This may change over time as vendors update hardware and/or software for smartwatches.

Verified Duo Push will be introduced on April 17, 2025. However, not everyone will notice or see the change immediately as two-factor authentication is typically “saved” for 30 days for web-based apps.

Duo Verified Push only appears in browser-based login prompts. If you're using Duo with an integration that doesn’t involve a browser, you will continue to see the standard Duo Push experience. This is expected behavior, and no changes are required for non-browser-based logins.