Office of the Chief Information Security Officer

Online security is essential for protecting sensitive information, systems, and networks from unauthorized access, theft, and damage. In today’s digital world, personal, financial, and organizational data are highly valuable and targeted by cybercriminals. Enhanced security measures like Verified Duo Push help reduce the risk of unauthorized access and cyberattacks.

This change is part of UC’s proactive approach to improving security across its systems. It reflects the growing need to stay ahead of evolving cyber threats and ensures UC is taking all necessary steps to protect your data.

This change currently impacts only UCPath. This initiative marks a step toward expanding enhanced security verification via Verified Duo Push to other UC and UCLA systems in the future.

Verified Duo Push enhances multi-factor authentication (MFA) by requiring users to:

1. Receive a push notification on their Duo Mobile app.
2. Enter a four-digit verification code displayed in their browser into the Duo Mobile app.

This process ensures that only verified users can approve login requests, reducing the risk of unauthorized access.

Verified Duo Push requires:

• Android Duo Mobile version 4.49.0 or later, on Android version 8 or later.
• Apple Duo Mobile version 4.49.0 or later, on iOS version 13 or later.

Logins will continue to be allowed the non-verified version of Duo Push for a short period on previous versions of your app. Users will be asked to update their authentication options to meet the new standard during this time. As of January 31, 2025, those who still need to update their Duo Mobile app will not be able to access UCPath. 

After December 20, 2024, SMS and phone call-backs will not be supported for authenticating in UCPath. 

Notice for the exception group: 

Please note that a few users have been granted a temporary extension to use SMS or phone call-back for authenticating until January 31, 2025. Individuals in this exception group have received a separate email from the Chief Information Officer outlining steps they need to take to remain in compliance. 

If you lose your device:

• For assistance with authentication, please contact the ITS Help Desk.

Users with university-issued physical tokens (e.g., Duo D-100) can continue using them until January 31, 2025. After this date, additional actions may be required to transition to Verified Duo Push.

If you need help logging into UCPath, updating the Duo Mobile app, or troubleshooting MFA issues, please contact the ITS Help Desk at (310) 267-HELP (4357).

• Visit the Office of the Chief Information Security Officer website for detailed guides and resources.
• Watch this step-by-step video on using Verified Duo Push to access UCPath.

• December 20, 2024: Verified Duo Push becomes effective for all UCPath users.
• January 31, 2025: Deadline for users with exceptions (e.g., physical token users) to transition to Verified Duo Push.