Skip to Main Content

UCPath FAQ

Frequently Asked Questions (FAQ): Enhanced UCPath Security Verification Process

General Information

Online security is essential for protecting sensitive information, systems, and networks from unauthorized access, theft, and damage. In today’s digital world, personal, financial, and organizational data are highly valuable and targeted by cybercriminals. Enhanced security measures like Verified Duo Push help reduce the risk of unauthorized access and cyberattacks.

This change is part of UC’s proactive approach to improving security across its systems. It reflects the growing need to stay ahead of evolving cyber threats and ensures UC is taking all necessary steps to protect your data.

This change currently impacts only UCPath. This initiative marks a step toward expanding enhanced security verification via Verified Duo Push to other UC and UCLA systems in the future.

Using Verified Duo Push

Verified Duo Push enhances multi-factor authentication (MFA) by requiring users to:

  1. Receive a push notification on their Duo Mobile app.
  2. Enter a four-digit verification code displayed in their browser into the Duo Mobile app.

This process ensures that only verified users can approve login requests, reducing the risk of unauthorized access.

Verified Duo Push requires:

Logins will continue to be allowed the non-verified version of Duo Push for a short period on previous versions of your app. Users will be asked to update their authentication options to meet the new standard during this time. As of February 28, 2025, those who still need to update their Duo Mobile app will not be able to access UCPath. 

After December 20, 2024, SMS and phone call-backs will not be supported for authenticating in UCPath. 

Notice for the exception group: 

Please note that a few users have been granted a temporary extension to use SMS or phone call-back for authenticating until February 28, 2025. Individuals in this exception group have received a separate email from the Chief Information Officer outlining steps they need to take to remain in compliance. 

If you lose your device:

  • For assistance with authentication, please contact the ITS Help Desk at (310) 267-HELP (4357).

Users with university-issued physical tokens (e.g., Duo D-100) can continue using them until February 28, 2025. After this date, additional actions may be required to transition to Verified Duo Push.

Device Compatibility and Usage

To be compatible, your device must meet the following requirements:

To verify the Duo Mobile app version:

  • Open the Duo Mobile app on your device
  • Tap the Menu icon in the top-left corner
  • Locate the version number at the bottom of the menu
  • Ensure it is version 4.49.0 or later

If your phone is not compatible:

  • Update your phone’s operating system if possible
  • If the OS cannot be updated, request a security token through the ServiceNow form
  • For additional help, contact the IT Support Center at (310) 267-HELP (4357) or visit 124 Kerckhoff Hall
  • If you have one compatible device, UCPath will default to that device for login

No, there are alternative methods available:

  • Use a YubiKey token or D-100 Duo token
  • Enroll an additional mobile device, such as an iPad or tablet
  • Submit a request for a security token through the ServiceNow form

Yes, you can view a tutorial on how to view, manage, and unlink MFA devices

Using Devices and Security Tokens

Starting February 28, 2025, SMS and phone call verification will no longer be valid for UCPath logins. To avoid service disruptions, take the following actions:

  1. If you already have a compatible mobile device linked to your account using Verified Duo Push, no further action is required, but please verify that your Duo Mobile App is updated to the latest required version
  2. If you do not already have a compatible mobile device linked to your account:
  3. If you do not have a compatible or approved device:
    • Submit a request for a security token through the ServiceNow form
    • Update the operating system and Duo Mobile application to ensure both are compatible with Verified Duo Push

Please note that physical security token requests will be evaluated case-by-case and require ITS Security team approval.

For users in restricted environments:

  • You will need to request a security token if you do not already have one
  • Submit your request through the ServiceNow form

Cisco provides options for employees with disabilities to effectively use their application:

If you have questions about workforce accommodations, please contact us at:

Phone: (310) 267-HELP (4357)
Email: help@it.ucla.edu
Office: 124 Kerckhoff Hall

Tokens and Security

  • If you are already using a security token and it has been enrolled in UCLA Multi-Factor Authentication (MFA), no action is required
  • Visit the Registering a Security Key page to learn how to add a personal security token

A security token can be requested under the following conditions:

  • Non-compatible mobile devices that do not support Verified Duo Push
  • Telephony users without compatible devices
  • Work environments with restrictions on mobile devices (e.g., labs, secure zones)
  • Current security token holders with malfunctioning or replacement-needed Duo D-100 tokens
  • Those with disabilities who are unable to log on using the Duo Mobile app
  • Replacement costs for lost security tokens are the responsibility of the user

Support and Resources

For additional questions or assistance, please contact ITS Help Desk:

Phone: (310) 267-HELP (4357)
Email: help@it.ucla.edu
Office: 124 Kerckhoff Hall
 

Key Dates to Remember

  • December 20, 2024: Verified Duo Push becomes effective for all UCPath users.
  • February 28, 2025: Deadline for users with exceptions (e.g., physical token users) to transition to Verified Duo Push.

Thank you for your attention and cooperation in supporting UC’s efforts to enhance digital security and protect sensitive data.