Duo Multifactor Authentication: Your Safety Sidekick | Information Technology | University of Pittsburgh
!

Search form

You are here

Home » Blogs » KJB136's blog

Duo Multifactor Authentication: Your Safety Sidekick

Wednesday, October 16, 2024 - 00:00

Even with strong, unique passwords for every account — and let’s face it, many people just rotate through a handful of passwords while using standard security questions — hackers manage to break into people’s accounts. That's where Multifactor Authentication (MFA) steps in as your digital sidekick, adding an extra layer of security to protect your accounts.

Why Duo Push Matters

At Pitt, we use Duo MFA. You might be thinking, "Is it really worth it?" Well, here’s a stat for you: Over 99% of account compromise attacks are blocked by multifactor authentication, according to Microsoft. That’s not just a big number — it’s a game-changer for securing your online presence. Duo works like a two-step locking system, so a burglar (aka hacker) can’t just waltz in with your password. They’ll need to know something only you know (your password) and access something only you have (your phone), which makes it really hard for them to access your account without you knowing … so long as you’re paying attention.

Got an Unexpected Login Request? Deny It!

Duo kicks in when you are actively logging into a Pitt system. If you get a Duo Push authentication prompt you didn’t initiate (aka, when you weren’t logging into anything), hit DENY right away! It’s a sign that someone has your password and is trying to access your account. Denying the request and immediately changing your password will keep intruders locked out. To update your password quickly, visit accounts.pitt.edu > Login & Security > Change Password.

The Magic of "Remember Me"

We get it. Approving Duo prompts all day is a pain. To save you from constantly reaching for your phone, Duo Push has a handy “Remember Me” feature. Check that box when logging in from trusted devices that only you use, and Duo will give you a break for 24 hours when you are logging on from the same device using the same browser. This way, you can enjoy an uninterrupted workflow without worrying about those constant pings. But if someone else tries to log on from a different device, it will still alert you to the intrusion attempt.

Not On Public Devices, Please!

Tempted to save your login info on a library or friend's computer? Don’t. Public devices are prime targets for hackers, and saving your password leaves you exposed. Always log out and clear your history when using shared computers.

What Happens If Your Phone Dies or You Get a New One?

You’ll need your phone to complete Duo. But if you ignored that low power warning a little too long, you’re not entirely stuck – so long as you’ve registered a backup phone or device ahead of time. It can be a tablet, Apple Watch, or a landline, if your place has one. Also, If you get a new phone (even with the same phone number), you’ll need to register it with Duo. Registering a new or backup device is a simple process—head to accounts.pitt.edu > Login & Security > Add/Manage Pitt Passport Devices.

The Other Half of Multi-Factor Authentication: Pitt Passport

Pitt uses a single sign-on (SSO) service called Pitt Passport to let you log onto most University services. SSO is just what it sounds like – once you sign in, you won’t have to log into each new Pitt service you access, as long as you don’t close/change your browser or clear your cache. Because Pitt Passport uses your University username and password, you don’t have to maintain separate login credentials for PeopleSoft/Highpoint CX, Canvas, email, Microsoft 365, PittWorx, etc.

Watch Out for Fake Sites!

Pitt Passport is super convenient … so long as you’re using the real thing! When logging in, always verify that you’re on the real Pitt Passport page: it should start with https://passport.pitt.edu/... Know what’s on the page — it asks for your username (not email address) and password only. If the URL or appearance doesn’t match, you could be looking at a cloned page. Don’t log in or you could be handing your information to phishers.

Forgot Your Password? No Sweat!

If you forget your University Computing Account password, Pitt’s Self-Service Password Reset service has you covered. Just click the “Forgot Password” link, answer your security questions, and you’re back in action. Of course, this only works if you’ve set your security questions ahead of time at accounts.pitt.edu > Login & Security > Change Password > Update Security Questions. Haven't set up your security questions? You’ll need to visit a computing lab with a valid ID to reset it. Which is a pain, so set those questions now.

It's Worth the Effort

MFA can feel a little tedious, but it's totally worth it. It only takes a few seconds to approve a Duo Push, and knowing your account is fortified against threats makes that small inconvenience a breeze. Plus, with the “Remember Me” option, you won’t even need to do it every time! So, next time you log in, remember: Duo Push is there to keep you and your data safe! Visit Multifactor Authentication at Pitt to dive deeper into the benefits and setup process.

Stay secure and let Duo Push be your hero in the digital world!

-- By Haree Lim, Pitt IT Student blogger