Rutgers has removed phone calls as a two-step verification method in Duo to strengthen login security and help prevent unauthorized access to university systems.
Why is Rutgers making this change?
Cybercriminals are increasingly exploiting the phone call verification option for phishing attacks, causing account lockouts and other security problems. With the phone call method, Duo would place a call and prompt users to press a number to approve or deny a login attempt. Attackers can exploit this by placing fraudulent calls or repeated requests, increasing the likelihood that someone will approve an unauthorized login.
Many other universities have already removed phone authentication for security reasons.
Most users authenticate with other methods, such as a three-digit code (Verified Duo Push), and should not be affected by this change.
What alternative methods are available for two-step login?
Other verification methods offer stronger protection for your personal information and Rutgers systems. These options are more secure and less likely to be compromised:
- Three-digit code (Verified Duo Push)
- Duo passcodes
- Security keys
- Hardware tokens
For additional information about these Duo verification methods, please read this knowledge article.
What should I do?
Users who exclusively rely on phone call verification have already been contacted separately with guidance about changing their verification method. If you have questions or need assistance, please contact your department’s IT staff or your local Office of Information Technology Help Desk.
How can I avoid phishing scams?
The Phish Bowl page offers resources and tips about recognizing phishing attempts and avoiding cybercriminals’ traps.
Thank you for doing your part to help protect Rutgers systems and data.