Changes to Duo Multi-Factor Authentication Prompt Coming Soon

Dear Bruin Community:

I write this message to inform the campus community that there are changes coming to the look and feel of the Duo Multi-Factor Authentication (MFA) prompt when logging in to services with UCLA Single Sign-On (SSO).

UCLA utilizes Duo Security as our vendor for MFA integration, and the company has announced an updated version of the MFA prompt named “Universal Prompt.” To address a critical security vulnerability, UCLA needs to convert to Universal Prompt on Tuesday, May 24, 2022.

You may notice the following when logging in and utilizing the new MFA prompt:

  • The look and feel of Universal Prompt will be different but it will support the same features (please see images below and on the Changes to the DUO Prompt page)
  • The URL in the address bar will start with "https://shb.ais.ucla.edu" on the page requesting your username and password, but will switch to a URL similar to "https://api-xxxxxxxx.duosecurity.com"
  • The MFA prompt will automatically perform the most secure method of authorizing your logon (e.g. Duo push) when the Universal Prompt is first used
  • The MFA prompt will automatically perform the last utilized authorization method on subsequent logins
  • To change MFA device options there will be an “Other Options” link at the bottom of the prompt
  • “Remember me for 12 hours” has been renamed to “Trust this browser?” which will be displayed on a separate screen and does not state the amount of time for which the browser will be trusted

Please note these changes do not apply to Mednet accounts using the UCLA Health login; UCLA Health is not implementing Universal Prompt at this time.

Please visit the Office of the Chief Information Security Officer website to see the updated look and feel. While these adjustments may take some getting used to, they will streamline the authentication process while improving the security accessibility of the tool. Thank you for your attention to these changes.

Sincerely,

David Shaw
Chief Information Security Officer


Current Duo prompt screen:

Screenshot of the current DUO prompt for UCLA. Prompts to select device, choose an authentication method, and shows banner "pushed a login request to your device"

 

New Duo prompt screen:

New DUO prompt screen. UCLA logo. "Check for DUO push. Verify it's you by approving the notification.. Sent to "iPhone 12" (***-***-0253). Other options. Need help? Secured by Duo"