Upcoming Changes
Change in Multi-Factor Authentication Spring 2026
To improve UF’s security posture and help protect against phishing attacks, UFIT is enabling Verified Duo Push starting this Fall as part of UF’s Duo multi-factor authentication platform.
Verified Duo Push will be enabled for university affiliations in phases:
- Tuesday, Nov. 18: All IT staff
- Tuesday, Jan. 27: All UF staff
- Tuesday, Feb. 10: All UF faculty
- Tuesday, Feb. 24: All UF students
What’s Changing
For those currently enrolled in Duo Push, you are prompted with “approve” or “deny” options on the Duo Mobile app when logging into a university website with Shibboleth single sign-on, such as ONE.UF.
With Verified Duo Push, you’ll instead see a 3-digit code on your login screen and will be prompted to enter that code into the Duo Mobile app to verify your login.
This quick step ensures that only you — the person actually logging in — can approve the request.
This upgrade only replaces the existing Duo Push on mobile devices. If you are currently using other MFA offerings to complete your authentication onto university websites, this transition will not affect you.
Why We’re Making This Change
Attackers have started using “MFA bombing” and other forms of social engineering to trick users into approving fraudulent Duo notifications. Verified Duo Push protects against these attacks by requiring you to confirm the exact code shown on your screen, proving that you’re present for the login.
What You Need to Do
- Make sure you have the latest version of Duo Mobile installed on your device.
- When prompted, simply type the 3-digit code displayed on your login screen into the Duo app.
- No enrollment changes are needed — your current Duo setup will continue working.
USER INTERFACE
There is a new look and feel of the prompt screen (shown).
| Browser | Duo Mobile App |
|---|---|
  |
  |
Please contact the UFIT Help Desk if you have any questions or concerns about the changes to the multi-factor prompt.