Duo: Sound the Alarm

Posted on by

Users play a crucial role in defending against cybercriminals. When your password is stolen, a hacker will try to use it to gain unauthorized, criminal access to University protected systems and information. Duo serves as a second line of defense, but only with your help. Hackers will attempt to trick you into authenticating a login on their behalf.  We’re sharing common attacks to be aware of, how to detect them, and what to do if you are subject to an attack.

Attack #1: Duo Push Fatigue

Duo push notifications alert you of attempted logins to your account by sending a prompt to your mobile device immediately after you initiate a login. When you receive a Duo push notification that you did not initiate, your alarm bells should go off. Your password is being used by someone else to log into your account; your credentials are compromised. Hackers rely on the fact that you may be busy, with your attention focused elsewhere, so they repeatedly attempt logins to trigger Duo pushes. Their goal is for you to push “accept” out of alert “fatigue.”

If you ever receive a push that you did not initiate, you must take the following steps to secure your account and to protect the University:

  • Deny the Duo prompt.
  • Report suspicious activity via the Duo application, if prompted.
  • Report the activity to the Technology Support Center.
  • Visit https://netid.uconn.edu/to change your password.

Never accept a Duo push that you did not initiate. You should only ever approve Duo pushes when the Duo notification displays the correct login system, approximate location, and precise time of login.  

Attack #2: Duo Passcode Theft

Hackers create fake login pages that look and feel like familiar UConn sites. If you as the end user unknowingly attempt login to a fake website, the hacker may capture your login credentials as you do so. The hacker may then send you a fake authentication prompt, where it requires you to enter the 6-digit passcode from your Duo mobile application. Unsuspecting, you retrieve the legitimate code and enter it into the required field on your browser.

Your login ultimately fails because the website was a “spoofed” page imitated by the hacker.

In this attack, you get nowhere, while the hacker walks away with not only your credentials, but a legitimate 6-digit code that they can now use to authenticate their login using your credentials to access an actual University system.

If you suspect that your NetID credentials and/or Duo passcodes have been compromised, you must take the following steps to secure your account and to protect the University:

For more information on Duo, please visit: https://kb.uconn.edu/space/IKB/10726900331/Two-Factor+Authentication