Changes are coming to the look and feel of the Duo multi-factor authentication, or MFA, prompt when logging in to services with UCLA single sign-on. 

Duo Security, UCLA’s vendor for MFA integration, has updated its security prompt to address a vulnerability. UCLA, with the exception of UCLA Health, will convert to the new prompt on Tuesday, May 24, 2022. This change will not affect the Duo App for mobile devices. 

Users may notice the following when logging in and utilizing MFA:

  • the address bar URL will start with “https://shb.ais.ucla.edu” on the page requesting username and password, but will switch to a URL similar to “https://api-xxxxxxxx.duosecurity.com”;
  • the system will automatically perform the most secure method of authorizing a user’s logon (e.g. Duo push) when the new prompt is first used;
  • the prompt will automatically perform the last utilized authorization method on subsequent logins;
  • to change MFA device options, there will be an “Other Options” link at the bottom of the prompt.

Side-by-side visual of the new Duo prompt and the old prompt.