Changes to Duo Prompts for Informational Campus Communications (Friday, October 28, 2022)

Overview

To reduce potential threats resulting from compromised University accounts via phishing and Two-Factor Authentication (2FA) bombing, Information Technology Services (ITS) is reducing the number of Duo requests authorized before a system soft-lock for fifteen minutes takes effect. This process will reduce the susceptibility of campus users to 2FA bombing attempts.

2FA bombing happens when a cybercriminal attacks a susceptible account with multiple account-access requests. After gaining an approved Duo request, the attacker infiltrates additional 2FA devices and systems. The username and password are now compromised, and the cybercriminal has full access to the account.

What Can You Expect

On Friday, October 28, 2022, at 10 a.m., the number of Duo request prompts will be reduced. If the account exceeds the number of Duo request prompts, a soft-lock will be placed on the account to prevent further attempts for the next fifteen minutes.

Support

If you experience issues or need assistance, please contact the ITS Service Desk at service@sfsu.edu or 415-338-1420.