DUO Phone Call disabled starting July 31, 2019
.png)
What is happening?
On July 31st, 2019, VCU is disabling the phone call option in Duo as a method of authentication.
How does this affect me?
After July 31st, you will only see two options for two-factor authentication (Push and Passcode). If you currently use the Phone Call option, you will no longer be able to use that method of authentication.
Why is VCU doing this?
Due to recent FCC regulation, which allows telecoms to block robocalls by default, Duo calls are being blocked by telecoms. We have seen a significant increase in users who attempt to authenticate several times if the call is not connected. This option is unreliable and has led to users being locked out of their accounts. Additionally, VCU pays for each phone call requested regardless of whether the user receives the call. Phone call options are currently 5-times more expensive than the other options. With these concerns in mind, VCU information security has decided the best course of action is to disable the phone call option completely. This will lead to a more reliable service.
What should I do?
If you use the Phone Call option as your primary means of 2Factor authentication, you will need to use another option (Push, or Passcode/Token) after July 31, 2019. Since this is a change that will affect a large portion of the VCU community, VCU information security has some resources to help ease this transition.
- Seminars will be hosted by a member of the Information Security Office lasting 20-30 minutes on how to use Duo's other options and why 2Factor Authentication is essential. Seminars are scheduled for:
- 8/13/19 Sanger Hall B1-020 - 8:45 AM - 11:30 AM
- 8/14/19 Cabell Library B41 - 2 PM - 4 PM
- 1-on-1 consultations sessions will be provided by the IT Support Center in the basement of Cabell library in the ITSC office on how to use other DUO options.
- Phone and email support will also be provided. You can either call the IT Support Center at 804-828-2227 or email itsc@vcu.edu if you have any questions or concerns about this transition.
- Training Videos on how to use the other authentication options (Push, Passcode/Tokens) are found at the bottom of this page.
What are my other options?
You will still be able to use the Push or Passcode/Token option. We have described the different options below:
- Push - This will send a notification to the cellular phone that has the DUO app installed. You can approve or deny the request through this application. This application can be installed on Apple or Android devices. Please visit this webpage to learn how to download, install, and register the application with your account.
- Hard Token - This is a physical device that contains an LCD screen that will produce a passcode when you press the button on the device. This device does need not access to the internet.
- Soft Token - After you have the DUO application install on your mobile phone and you have the application associated with your account, you can use the application to produce passcodes to log in. The DUO app can create codes without an internet connection. Please see the video below (How to Use the DUO App as a Soft Token) on how to use the DUO app as a software token. You will need an internet connection if you intend to use the Push option.
Training Videos
How to use the Duo push option to authenticate with Duo
How to use the Duo App as a Soft token
FAQs
For users without a smartphone or a cell phone, please contact itsc@vcu.edu or at 804-828-2227 for an alternative solution to request for a hardware token
The Duo app also has "soft tokens", also known as passcode which can be accessed in the app at any time regardless of cell or internet signal. The soft token will allow you to authenticate.
If this solution does not work for you, please contact IT Support Center at 804-828-2227 for an alternative solution.
Due to recent FCC regulations, telecoms are blocking robocalls which effects Duo's phone calls. Since Duo phone calls are being blocked, this has caused an uptick in IT support tickets from users unable to receive Duo phone calls. Since the phone call option is unreliable, VCU information security will be disabling the phone call option entirely, which will improve the reliability of the service. This means when you authenticate with Duo, you will be limited to two options (SMS and push). This will be effective 7/31/19.
Unfortunately, we are not able to make any exceptions for this change. Although your carrier may not be blocking robocalls now, it is possible they will start blocking robocalls in the near future. To keep the service reliable, we are disabling the call option.
Using 2 factor helps protect your account and data. It requires someone knowing your password and having access to your phone before they could access your account or data. It can prevent a bad actor from accessing your account or data.
Just as a reminder, if you are constantly having to reauthenticate using 2 factor, consider using the remember me for 60 days option to avoid reauthentication.
No, DUO will still require your phone as another factor to verify your identity. The phone call option is being disabled but still will require your phone.
DUO is not being turned off, just the phone call option. This means that when you are authenticating with DUO, you will see options for 'Send me Push' and 'Enter a Passcode'
A soft token is shorthand for software token, this is opposed to a hardware (hard) token. Meaning that software, in this case DUO, is generating the login code. In the hardware token scenario, it is a device, usually a YUBIKEY or other small device, that generates the login code for you.