The UW regularly updates support for two-factor authentication (2FA) features to ensure we are delivering secure sign-ins. Major updates will be highlighted here. If you have questions about the validity of a Duo experience you may encounter, or questions about Duo at the UW, please contact help@uw.edu.
Duo is updating the way 2FA looks during your sign-in experience. This page aims to help you be aware of the trusted UW Duo experience, and understand changes to Duo.
Understanding new and previous Duo behavior
Signing in to the UW Identity Provider system
With the new Duo experience, how you normally start your sign-in process won’t change. In this example, you would sign in to the UW idP using a UW NetID and password when signing into a site such as my.uw.edu. The sign in step looks the same.
New Duo prompt
After providing your first factor (UW NetID and password), you are prompted to provide your second factor, which is your verification via Duo.
In the new Duo authentication, you will be automatically prompted with your last-used method. How you approve your Duo authentication method is not changing. However, with your first sign-in experience Duo may choose a method you do not typically use.
Many people at the UW prefer the Duo “Push” method for Duo authentication by default, while others choose passcodes or other methods. Note that if the “wrong” method is presented by default, you can choose “Other options” to select from a list of Duo methods (the available options will depend on what you have added at https://identity.uw.edu/2fa/ ). Any method you select when you’re first presented with the new Duo prompt will provide you the typical authentication experience.
In the previous Duo prompt, you were presented with a different approach to choosing your authentication option. In this previous prompt, to see other available authentication options, you first had to click “cancel”.
Changes in the web address/URL
With the new Duo prompt, there is also a change in the URL that Duo presents in your browser. You will see duosecurity.com in the address.
Note that “duosecurity” in the URL will be correct; you will no longer see “idp.u.washington.edu” in the web address when being asked for Duo.
Other legitimate UW applications and websites may display a different URL during sign-in, where you see something besides the two web addresses shown above. If the web address looks unfamiliar or suspicious, you should stop signing in, and not do any further authentication. You can instead take a screenshot and contact help@uw.edu, and provide the screenshot to have it checked as legitimate or not.
Duo’s “Remember Me” feature is changing too
With the new Duo prompt experience, there is also a change to how to select “remember me” for future sign-ins. The actual handy behavior of “remember me” is not changing; you can read more about this at https://it-webdev01.s.uw.edu/tools-services-support/access-authentication/2fa/remember-me/.
In the new Duo experience, you will be asked “Is this your device?” If you select “Yes, this is my device”, Duo will remember your device for the next 30 days just as “remember me” would do. If you select “No, other people use this device,” then Duo will prompt you for 2FA the next time you log in with that browser.
The language in the new process similarly mirrors the behavior of the previous “Remember me on this browser” check box. Unchecked, you would be prompted for Duo on your next sign-in with that browser, while checking it gives you a 30-day period where this browser would no longer require 2FA upon sign-in.
While the look and language have changed, the familiar behavior of “Remember me” stays the same.