Graphic of a hand holding a cell phone with text: Hang up the call. due to recent FCC ruling, the DUO phone call option will be disabled on july 31, 2019. Visit go.vcu.edu/duo to learn more details [View Image]
On July 31st, 2019, VCU is disabling the phone call option in Duo as a method of authentication.
After July 31st, you will only see two options for two-factor authentication (Push and SMS). If you currently use the Phone Call option, you will no longer be able to use that method of authentication.
Due to recent FCC regulation, which allows telecoms to block robocalls by default, Duo calls are being blocked by telecoms. We have seen a significant increase in users who attempt to authenticate several times if the call is not connected. This option is unreliable and has led to users being locked out of their accounts. Additionally, VCU pays for each phone call requested regardless of whether the user receives the call. Phone call options are currently 5-times more expensive than the other options. With these concerns in mind, VCU information security has decided the best course of action is to disable the phone call option completely. This will lead to a more reliable service.
If you use the Phone Call option as your primary means of 2Factor authentication, you will need to use another option (SMS, Push, or Token) after July 31, 2019. Since this is a change that will affect a large portion of the VCU community, VCU information security has some resources to help ease this transition.
You will still be able to use the SMS, Push, or Token option. We have described the different options below:
For users who do not own a smartphone, SMS codes can be sent to your cell phone. For users without a cell phone, please contact firstname.lastname@example.org or at 804-828-2227 for an alternative solution.
The SMS access (text message) codes can be sent to you when you do have a signal. SMS will provide several codes that will work several days after they have been requested.
The Duo app also has "soft tokens" which can be accessed in the app at any time regardless of cell or internet signal. The soft token will allow you to authenticate.
If this solution does not work for you, please contact IT Support Center at 804-828-2227 for an alternative solution.
We understand that your phone is very personal and we respect that. That being said, we highly recommend that you do download and use the Duo app, VCU does not own Duo and cannot see what is on your phone. The Duo app only requests permissions to access the camera to scan QR codes, this permission can be revoked at anytime as it does not effect the service.
If you still do not want to use the Duo app, you can use other 2 factor authentication apps such as Google authentication, LastPass, Norton VIP or any other 2 factor app that you use* or use SMS.
Due to recent FCC regulations, telecoms are blocking robocalls which effects Duo's phone calls. Since Duo phone calls are being blocked, this has caused an uptick in IT support tickets from users unable to receive Duo phone calls. Since the phone call option is unreliable, VCU information security will be disabling the phone call option entirely, which will improve the reliability of the service. This means when you authenticate with Duo, you will be limited to two options (SMS and push). This will be effective 7/31/19.
Unfortunately, we are not able to make any exceptions for this change. Although your carrier may not be blocking robocalls now, it is possible they will start blocking robocalls in the near future. To keep the service reliable, we are disabling the call option.
Using 2 factor helps protect your account and data. It requires someone knowing your password and having access to your phone before they could access your account or data. It can prevent a bad actor from accessing your account or data.
Just as a reminder, if you are constantly having to reauthenticate using 2 factor, consider using the remember me for 60 days option to avoid reauthentication.
No, DUO will still require your phone as another factor to verify your identity. The phone call option is being disabled, but still will require your phone.
DUO is not being turned off, just the phone call option. This means that when you are authenicating with DUO, you will see options for SMS or PUSH. Before you would see SMS, PUSH and Phone Call, this phone call option is being turned off and will not longer show up on the menu.
A soft token is shorthand for software token, this is opposed to a hardware (hard) token. Meaning that software, in this case DUO, is generating the login code. In the hardware token scenario, it is a device, usually a YUBIKEY or other small device, that generates the login code for you.