Changes are coming to the look and feel of the Duo multi-factor authentication, or MFA, prompt when logging in to services with UCLA single sign-on.
Duo Security, UCLA’s vendor for MFA integration, has updated its security prompt to address a vulnerability. UCLA, with the exception of UCLA Health, will convert to the new prompt on Tuesday, May 24, 2022. This change will not affect the Duo App for mobile devices.
Users may notice the following when logging in and utilizing MFA:
- the address bar URL will start with "https://shb.ais.ucla.edu" on the page requesting username and password, but will switch to a URL similar to “https://api-xxxxxxxx.duosecurity.com”;
- the system will automatically perform the most secure method of authorizing a user’s logon (e.g. Duo push) when the new prompt is first used;
- the prompt will automatically perform the last utilized authorization method on subsequent logins;
- to change MFA device options, there will be an “Other Options” link at the bottom of the prompt.