K-State Today

Important changes to Duo authentication

Friday, April 18, 2025

Two Duo promts showing three-digit codes on a purple background
An extra layer of security has been added to the university's two-factor authentication service, Duo, which will now require a three-digit code. The left image shows what you will see on your computer, while the right image displays what you will see on your mobile phone or tablet.

The next time you log in to K-State's IT systems and are required to authenticate, you will notice an additional layer of security: Duo Verified Push notifications.

This feature adds a three-digit verification code to the Duo Push authentication process, requiring users to enter the code on their mobile device or tablet before approving the request.

This extra layer of security is designed to prevent unauthorized access and is similar to the verification process used by many online banking or retail sites.

How to safely access K-State system:

  • Navigate directly to the system or service, such as Webmail or HRIS, and log in using your eID and password.
  • After logging in, you will see an on-screen prompt asking you to authenticate with Duo.
  • If you use your cell phone or tablet to authenticate, you will receive a notification on your computer screen to "Enter code in Duo Mobile," as well as a Duo push notification on your mobile device.
  • The on-screen prompt on your computer will now display a three-digit code. Enter this code into the Duo app on your cell phone or tablet.
  • Select "Verify."
  • After you click "Verify," another message will appear on your computer asking you to choose "Yes, this is my device" or "No, other people use this device."

This process ensures that your access remains secure. The three-digit code prevents accidental or unauthorized approvals of Duo Push requests. It is designed to confirm that you are the one initiating the login. Requiring this extra step to approve login requests enhances security and makes it more difficult for attackers to circumvent Multi-Factor Authentication, or MFA.

The three-digit code is only used with Push Notifications and does not apply to other Duo authentication options. To learn more about Duo authentication, view the Duo webpage. 

K-State staff will never ask you for this code. Only enter this code directly into the Duo authentication app. Never share this code with anyone via text message, telephone calls or email. If someone contacts you asking for this code, please contact abuse@ksu.edu immediately. K-State will never ask you for personal information or request that you verify your identity or access Duo or another authentication system through email or by clicking on a link.

Reminder: If you receive a suspected phishing email, please forward the entire message to abuse@k-state.edu. If you have any questions about the validity of an email, it's best to err on the side of caution and contact the IT Service Desk.

Submitted by IT Service Desk, doucette@k-state.edu