Duo Verified Push Coming September 17

Starting Wednesday, September 17, 2025, UNC Charlotte will implement Duo Verified Push for all users of Duo Multi-Factor Authentication (MFA). This change is part of the university’s ongoing efforts to enhance cybersecurity and protect NinerNET accounts from unauthorized access.

What’s Changing?

If you use Duo Push to log in to UNC Charlotte services (including Single Sign-On), you’ll now see a three-digit verification code in the Duo browser prompt (see this FAQ). You’ll need to enter this code into the Duo Mobile app to complete your login.

Note: MFA methods using phone calls or YubiKeys will not be affected by this change.

Compromised Accounts: New Requirements

Also beginning September 17, if your NinerNET account is compromised, you will be required to use Duo Verified Push for future logins and added to risk based authentication (see this FAQ). SMS text messages and phone calls will no longer be allowed for MFA in these cases.

This policy helps ensure that compromised accounts are secured with the most robust authentication method available.

Why This Change?

The new verification code is designed to combat cyberattacks like:

• Push fatigue: Attackers send repeated push notifications hoping users will approve them out of frustration.
• Push harassment: Similar tactics used to trick users into approving unauthorized logins.

By requiring a code that only the legitimate user can see, Duo Verified Push ensures that only intentional, user-initiated logins are approved.

Important: Only approve Duo pushes that you initiate yourself. Never share the verification code with anyone.

If you have any issues or questions, feel free to reach out to the OneIT Service Desk.