MIT community members accessing systems using Touchstone and Duo authentication will notice some visual changes and an improved two-factor authentication experience as Information Systems and Technology (IS&T) implements updates to the Institute's single sign-on web authentication service on Friday, March 22, after 6 p.m.
Duo has introduced a new, simplified "universal prompt" screen. Instead of prompting the user to choose an authentication method every time, Duo will now automatically try the user's preferred method. For most, this means an immediate push notification via the Duo mobile app. If the person logging in needs to choose another method, they can click "other options" to select an alternate.
Previously, the Duo prompt was embedded within MIT's Touchstone login page (or the application's own page, in cases where a non-Touchstone site uses Duo directly). With this change, the prompt is a duosecurity.com page, which you can verify by checking the URL shown in your browser.
IS&T will also be updating the Touchstone login screen to use MIT's new logo. To verify you are seeing a legitimate Touchstone login, and not a fake page created by a scammer, make sure the URL is idp.mit.edu.
As always, do not accept any Duo pushes to your device that you did not initiate, which indicate that someone has your password. If you receive a Duo push that you didn’t request, change your password immediately and notify our Security team at security@mit.edu.
Some phishing scams may prompt you for your Duo passcode after tricking you into entering your password. If you suspect a scammer is asking for your Duo passcode, change your password and contact Security.
These changes are part of ongoing efforts to improve security and digital experiences at MIT. Visit IS&T's news section or subscribe to the RSS feed for updates as this work continues.
0 Comments
|Login to Comment on this story