The IT Security Team at the University has been made aware of an increase in phishing activity on our network.
As a short-term measure at this stage, IT Services is introducing Verified Duo Push – an immediate additional protection layer – as a precaution.
Verified Duo Push stops cyber attacks by asking users to enter a verification code from the access device (webpage or application) into the Duo mobile app during the push login process. By using a verification code, only verified users are able to log in, and this prevents someone absent-mindedly accepting a push they did not request.
The IT Services Security Team is currently implementing this measure and University members will encounter it when accessing University websites and applications protected by Duo 2FA.
When will the change happen?
We will be making changes to Duo 2FA between 20:30 and 21:00 this evening (Thursday 29 June) which will affect logins. Please be aware that students may have difficulty logging in to University services during this period.
If you are already logged in at this time, it is unlikely you will be affected, but disruption can’t be completely ruled out.
We are grateful for your patience while we make these security improvements and we will work hard to keep disruption to a minimum.
What do I need to do once the change has taken affect?
Firstly, make sure you only accept pushes from Duo that you did indeed request. Secondly, follow the instructions on the page and Duo app. The Duo 2FA process will now also ask you to enter a code into your Duo app – you’ll get this code from the webpage or application you are trying to access.
Here’s an example:
This change will add mere seconds to the login process, but it offers protection against any criminals trying to access data with your credentials.
I need help
Please get in touch with IT Services if you have any concerns or queries about this change, and how to keep your data and the University’s data safe..
Contact details for IT Services
0151 794 4567
servicedesk.liverpool.ac.uk