From: Information and Technology
Dear OSU Community,
As we continue to enhance cyber security measures within the OSU community, we want to remind you that passcodes for Duo authentication will retire on May 8, 2024. Passcodes are six-digit codes that are typically generated by a hardware token.
If you authenticate like this, using Verified Duo Push or a physical security key, this change will not affect you. Verified Duo Push displays a 3-digit verification code to enter into the Duo Mobile App on your mobile device and is currently used by most of the OSU community. If this is how you authenticate, you can disregard the remaining message.
If you authenticate like this, using a six-digit numeric password, this change will affect you. Please continue reading this message.
What is changing?
Passcode authentication, which uses a six-digit numeric passcode typically generated by a hardware token and can also be obtained through the Duo Mobile app, will no longer be available starting May 8.
What do I need to do?
If you authenticate in like this, using six-digit passcodes, please switch to a phishing-resistant authentication method, including Duo Verified Push or physical security keys, which plug into your computer to verify your identity without a code.
Duo bypass codes, which are temporary codes generated from a secure site commonly used for exam proctoring, will continue to be available.
For more information about this change, visit beav.es/duo-passcodes.
If you have any questions or concerns, please contact the Service Desk at beav.es/help or by calling 541-737-8787.
We appreciate your cooperation as we strengthen our defenses against cyber threats and protect our data, community, and university.
Respectfully,
David McMorries, Chief Information Security Officer, Office of Information Security
Oregon State University | University Information and Technology