Duo Mobile changes authentication process

Posted on January 24, 2024

.flex_cell.av-2ugxwg8o-aa3806ea933fd85f79147bf46ae9aa20{
vertical-align:top;
}

Duo Mobile changes authentication process

USC employees must now use Duo Verified Push to access their University accounts.

#top .hr.hr-invisible.av-2h74y1yw-2d0bfb8e15ab3700d8951dd43c4aec19{
height:10px;
}

By MAX RUBENSTEIN

January 24, 2024

#top .hr.hr-invisible.av-24g93jqw-d9bf69251b638f20d28c7e7c8c1e9d1d{
height:10px;
}

.avia-image-container.av-lrr5wfpt-772a981346a71e09bc6d36db5e6c0bcc img.avia_image{
box-shadow:none;
}
.avia-image-container.av-lrr5wfpt-772a981346a71e09bc6d36db5e6c0bcc .av-image-caption-overlay-center{
color:#ffffff;
}

a phone using duo mobile is unlocking a computer
Duo Mobile was first implemented by USC in January 2022 in an attempt to add an extra protection feature to the USC systems which require the online NetID sign-in process. (Wesley Chen / Daily Trojan)

.flex_cell.av-1ucktj5k-40fdab178c88b4100b0c550ff7657625{
vertical-align:top;
}

.flex_cell.av-1k1wp5o8-8263de1f4f9ab1c7440826f0f95f443b{
vertical-align:top;
}

The Duo Security authentication process has adopted new features that change the way the USC community can log into their University accounts. According to the Digital Campus, USC’s website for technological advances and resources, the updates will affect students differently than faculty, staff and student workers.

For students, much of the software is staying exactly the same. They will still be able to “Duo Push on the app, call and text via carrier, and [use] security keys via browser.” The main change is a feature called Duo Universal Prompt, meant to streamline the process.

Daily headlines, sent straight to your inbox.

Subscribe to our newsletter to keep up with the latest at and around USC.

(function(global) {
function serialize(form){if(!form||form.nodeName!==”FORM”){return }var i,j,q=[];for(i=form.elements.length-1;i>=0;i=i-1){if(form.elements[i].name===””){continue}switch(form.elements[i].nodeName){case”INPUT”:switch(form.elements[i].type){case”text”:case”hidden”:case”password”:case”button”:case”reset”:case”submit”:q.push(form.elements[i].name+”=”+encodeURIComponent(form.elements[i].value));break;case”checkbox”:case”radio”:if(form.elements[i].checked){q.push(form.elements[i].name+”=”+encodeURIComponent(form.elements[i].value))}break;case”file”:break}break;case”TEXTAREA”:q.push(form.elements[i].name+”=”+encodeURIComponent(form.elements[i].value));break;case”SELECT”:switch(form.elements[i].type){case”select-one”:q.push(form.elements[i].name+”=”+encodeURIComponent(form.elements[i].value));break;case”select-multiple”:for(j=form.elements[i].options.length-1;j>=0;j=j-1){if(form.elements[i].options[j].selected){q.push(form.elements[i].name+”=”+encodeURIComponent(form.elements[i].options[j].value))}}break}break;case”BUTTON”:switch(form.elements[i].type){case”reset”:case”submit”:case”button”:q.push(form.elements[i].name+”=”+encodeURIComponent(form.elements[i].value));break}break}}return q.join(“&”)};

function extend(destination, source) {
for (var prop in source) {
destination[prop] = source[prop];
}
}

if (!Mimi) var Mimi = {};
if (!Mimi.Signups) Mimi.Signups = {};

Mimi.Signups.EmbedValidation = function() {
this.initialize();

var _this = this;
if (document.addEventListener) {
this.form.addEventListener(‘submit’, function(e){
_this.onFormSubmit(e);
});
} else {
this.form.attachEvent(‘onsubmit’, function(e){
_this.onFormSubmit(e);
});
}
};

extend(Mimi.Signups.EmbedValidation.prototype, {
initialize: function() {
this.form = document.getElementById(’ema_signup_form’);
this.submit = document.getElementById(‘webform_submit_button’);
this.callbackName = ‘jsonp_callback_’ + Math.round(100000 * Math.random());
this.validEmail = /.+@.+..+/
},

onFormSubmit: function(e) {
e.preventDefault();

this.validate();
if (this.isValid) {
this.submitForm();
} else {
this.revalidateOnChange();
}
},

validate: function() {
this.isValid = true;
this.emailValidation();
this.fieldAndListValidation();
this.updateFormAfterValidation();
},

emailValidation: function() {
var email = document.getElementById(‘signup_email’);

if (this.validEmail.test(email.value)) {
this.removeTextFieldError(email);
} else {
this.textFieldError(email);
this.isValid = false;
}
},

fieldAndListValidation: function() {
var fields = this.form.querySelectorAll(‘.mimi_field.required’);

for (var i = 0; i = 0) {
return ‘checkboxes’;
} else {
return ‘text_field’;
}
},

checkboxAndRadioValidation: function(field) {
var inputs = field.getElementsByTagName(‘input’),
selected = false;

for (var i = 0; i < inputs.length; ++i) {
var input = inputs[i];
if((input.type === 'checkbox' || input.type === 'radio') && input.checked) {
selected = true;
}
}

if (selected) {
field.className = field.className.replace(/ invalid/g, '');
} else {
if (field.className.indexOf('invalid') === -1) {
field.className += ' invalid';
}

this.isValid = false;
}
},

textAndDropdownValidation: function(field, type) {
var inputs = field.getElementsByTagName('input');

for (var i = 0; i = 0) {
if (type === ‘text_field’) {
this.textValidation(input);
} else {
this.dropdownValidation(field, input);
}
}
}
this.htmlEmbedDropdownValidation(field);
},

textValidation: function(input) {
if (input.id === ‘signup_email’) return;

if (input.value) {
this.removeTextFieldError(input);
} else {
this.textFieldError(input);
this.isValid = false;
}
},

dropdownValidation: function(field, input) {
if (input.value) {
field.className = field.className.replace(/ invalid/g, ”);
} else {
if (field.className.indexOf(‘invalid’) === -1) field.className += ‘ invalid’;
this.onSelectCallback(input);
this.isValid = false;
}
},

htmlEmbedDropdownValidation: function(field) {
var dropdowns = field.querySelectorAll(‘.mimi_html_dropdown’);
var _this = this;

for (var i = 0; i < dropdowns.length; ++i) {
var dropdown = dropdowns[i];

if (dropdown.value) {
field.className = field.className.replace(/ invalid/g, '');
} else {
if (field.className.indexOf('invalid') === -1) field.className += ' invalid';
this.isValid = false;
dropdown.onchange = (function(){ _this.validate(); });
}
}
},

textFieldError: function(input) {
input.className = 'required invalid';
input.placeholder = input.getAttribute('data-required-field');
},

removeTextFieldError: function(input) {
input.className = 'required';
input.placeholder = '';
},

onSelectCallback: function(input) {
if (typeof Widget === 'undefined' || !Widget.BasicDropdown) return;

var dropdownEl = input.parentNode,
instances = Widget.BasicDropdown.instances,
_this = this;

for (var i = 0; i < instances.length; ++i) {
var instance = instances[i];
if (instance.wrapperEl === dropdownEl) {
instance.onSelect = function(){ _this.validate() };
}
}
},

updateFormAfterValidation: function() {
this.form.className = this.setFormClassName();
this.submit.value = this.submitButtonText();
this.submit.disabled = !this.isValid;
this.submit.className = this.isValid ? 'submit' : 'disabled';
},

setFormClassName: function() {
var name = this.form.className;

if (this.isValid) {
return name.replace(/s?mimi_invalid/, '');
} else {
if (name.indexOf('mimi_invalid') === -1) {
return name += ' mimi_invalid';
} else {
return name;
}
}
},

submitButtonText: function() {
var invalidFields = document.querySelectorAll('.invalid'),
text;

if (this.isValid || !invalidFields) {
text = this.submit.getAttribute('data-default-text');
} else {
if (invalidFields.length || invalidFields[0].className.indexOf('checkgroup') === -1) {
text = this.submit.getAttribute('data-invalid-text');
} else {
text = this.submit.getAttribute('data-choose-list');
}
}
return text;
},

submitForm: function() {
this.formSubmitting();

var _this = this;
window[this.callbackName] = function(response) {
delete window[this.callbackName];
document.body.removeChild(script);
_this.onSubmitCallback(response);
};

var script = document.createElement('script');
script.src = this.formUrl('json');
document.body.appendChild(script);
},

formUrl: function(format) {
var action = this.form.action;
if (format === 'json') action += '.json';
return action + '?callback=' + this.callbackName + '&' + serialize(this.form);
},

formSubmitting: function() {
this.form.className += ' mimi_submitting';
this.submit.value = this.submit.getAttribute('data-submitting-text');
this.submit.disabled = true;
this.submit.className = 'disabled';
},

onSubmitCallback: function(response) {
if (response.success) {
this.onSubmitSuccess(response.result);
} else {
top.location.href = this.formUrl('html');
}
},

onSubmitSuccess: function(result) {
if (result.has_redirect) {
top.location.href = result.redirect;
} else if(result.single_opt_in || !result.confirmation_html) {
this.disableForm();
this.updateSubmitButtonText(this.submit.getAttribute('data-thanks'));
} else {
this.showConfirmationText(result.confirmation_html);
}
},

showConfirmationText: function(html) {
var fields = this.form.querySelectorAll('.mimi_field');

for (var i = 0; i < fields.length; ++i) {
fields[i].style['display'] = 'none';
}

(this.form.querySelectorAll('fieldset')[0] || this.form).innerHTML = html;
},

disableForm: function() {
var elements = this.form.elements;
for (var i = 0; i < elements.length; ++i) {
elements[i].disabled = true;
}
},

updateSubmitButtonText: function(text) {
this.submit.value = text;
},

revalidateOnChange: function() {
var fields = this.form.querySelectorAll(".mimi_field.required"),
_this = this;

var onTextFieldChange = function() {
if (this.getAttribute('name') === 'signup[email]') {
if (_this.validEmail.test(this.value)) _this.validate();
} else {
if (this.value.length === 1) _this.validate();
}
}

for (var i = 0; i < fields.length; ++i) {
var inputs = fields[i].getElementsByTagName('input');
for (var j = 0; j < inputs.length; ++j) {
if (this.fieldType(fields[i]) === 'text_field') {
inputs[j].onkeyup = onTextFieldChange;
inputs[j].onchange = onTextFieldChange;
} else {
inputs[j].onchange = function(){ _this.validate() };
}
}
}
}
});

if (document.addEventListener) {
document.addEventListener("DOMContentLoaded", function() {
new Mimi.Signups.EmbedValidation();
});
}
else {
window.attachEvent('onload', function() {
new Mimi.Signups.EmbedValidation();
});
}
})(this);

When a user logs in for the first time, Duo will select the most secure login method, although students may opt to view other options. According to the announcement, the most secure methods are “platform authenticators … (like Touch ID) or roaming authenticators … (like [a] security key),” followed by push notifications. For future logins, users will be shown whichever method they chose the previous time.

For staff, faculty and student workers, the process will be slightly different. According to a separate webpage, their login experience is adopting a feature called Duo Verified Push. Instead of being able to accept a push notification, Verified Push will display a three-digit code that they must enter on their mobile device to login rather than just pressing “approve.” Although employees currently have the option to set a continual password through Duo Mobile App Passcodes, this feature will no longer be available.

According to a video hyperlinked on the announcement page from ITS News, “Push is commonly targeted by threat actors of USC, and this additional layer of security will protect both the university and [user] information, helping prevent push harassment and accidental push approvals.”

Some non-students were confused by the change and frustrated by the extra steps in the login process.

“If someone can do a verified push [by unlocking your phone], then adding an SMS feature on top of this, I don’t see how it provides additional security,”said Abhishek Balakrishna, an assistant professor of mathematics.

Balakrishna also argued that if a phone’s security is compromised, both Push and Verified Push would become indistinguishable, as the three-digit code could still be intercepted. 

“I think that it would waste a lot of time,” said Jay Maniyar, a graduate student majoring in business analytics. “I think they can come up with a better option that could facilitate an easier process.” 

The University declined to comment when asked to offer further insights on the rationale behind extending this security layer to all users except students.

#top .hr.hr-invisible.av-15udrwxk-21f88c747618c36154e76f774ff68485{
height:20px;
}

DONATION PLUG – PLEASE DO NOT TOUCH

Thank you for reading the Daily Trojan.

We are the only independent newspaper here at USC, run at every level by students. That means we aren’t tied down by any other interests but those of readers like you: the students, faculty, staff and South Central residents that together make up the USC community.

Independence is a double-edged sword: We have a unique lens into the University’s actions and policies, and can hold powerful figures accountable when others cannot. But that also means our budget is severely limited. We’re already spread thin as we compensate the writers, photographers, artists, designers and editors whose incredible work you see in our daily paper; as we work to revamp and expand our digital presence, we now have additional staff making podcasts, videos, webpages, our first ever magazine and social media content, who are at risk of being unable to receive the support they deserve.

We are therefore indebted to readers like you, who, by supporting us, help keep our paper daily (we are the only remaining college paper on the West Coast that prints every single weekday), independent, free and widely accessible.

Please consider supporting us. Even $1 goes a long way in supporting our work; if you are able, you can also support us with monthly, or even annual, donations. Thank you.

Donate

Wesley Chen, max-rubenstein, news, spring-2024

.flex_cell.av-a5ews8o-91b0cd82c231b7ff28c6492df8f4e7e2{
vertical-align:top;
}

Trending Posts

Got a story idea?

SUBMIT A TIP >>


SPANISH SUPPLEMENTS

Artículos en español, por escritores de habla hispana.
Articles in Spanish, by Spanish-speaking writers.

ADVERTISEMENTS

Looking to advertise with us? Visit dailytrojan.com/ads.

The post Duo Mobile changes authentication process appeared first on Daily Trojan.

Read more here: https://dailytrojan.com/2024/01/24/duo-mobile-changes-authentication-process/
Copyright 2024