.flex_cell.av-2ugxwg8o-aa3806ea933fd85f79147bf46ae9aa20{
vertical-align:top;
}
Duo Mobile changes authentication process
USC employees must now use Duo Verified Push to access their University accounts.
#top .hr.hr-invisible.av-2h74y1yw-2d0bfb8e15ab3700d8951dd43c4aec19{
height:10px;
}
By MAX RUBENSTEIN
#top .hr.hr-invisible.av-24g93jqw-d9bf69251b638f20d28c7e7c8c1e9d1d{
height:10px;
}
.avia-image-container.av-lrr5wfpt-772a981346a71e09bc6d36db5e6c0bcc img.avia_image{
box-shadow:none;
}
.avia-image-container.av-lrr5wfpt-772a981346a71e09bc6d36db5e6c0bcc .av-image-caption-overlay-center{
color:#ffffff;
}
Duo Mobile was first implemented by USC in January 2022 in an attempt to add an extra protection feature to the USC systems which require the online NetID sign-in process. (Wesley Chen / Daily Trojan)
.flex_cell.av-1ucktj5k-40fdab178c88b4100b0c550ff7657625{
vertical-align:top;
}
.flex_cell.av-1k1wp5o8-8263de1f4f9ab1c7440826f0f95f443b{
vertical-align:top;
}
The Duo Security authentication process has adopted new features that change the way the USC community can log into their University accounts. According to the Digital Campus, USC’s website for technological advances and resources, the updates will affect students differently than faculty, staff and student workers.
For students, much of the software is staying exactly the same. They will still be able to “Duo Push on the app, call and text via carrier, and [use] security keys via browser.” The main change is a feature called Duo Universal Prompt, meant to streamline the process.
Daily headlines, sent straight to your inbox.
Subscribe to our newsletter to keep up with the latest at and around USC.
(function(global) {
function serialize(form){if(!form||form.nodeName!==”FORM”){return }var i,j,q=[];for(i=form.elements.length-1;i>=0;i=i-1){if(form.elements[i].name===””){continue}switch(form.elements[i].nodeName){case”INPUT”:switch(form.elements[i].type){case”text”:case”hidden”:case”password”:case”button”:case”reset”:case”submit”:q.push(form.elements[i].name+”=”+encodeURIComponent(form.elements[i].value));break;case”checkbox”:case”radio”:if(form.elements[i].checked){q.push(form.elements[i].name+”=”+encodeURIComponent(form.elements[i].value))}break;case”file”:break}break;case”TEXTAREA”:q.push(form.elements[i].name+”=”+encodeURIComponent(form.elements[i].value));break;case”SELECT”:switch(form.elements[i].type){case”select-one”:q.push(form.elements[i].name+”=”+encodeURIComponent(form.elements[i].value));break;case”select-multiple”:for(j=form.elements[i].options.length-1;j>=0;j=j-1){if(form.elements[i].options[j].selected){q.push(form.elements[i].name+”=”+encodeURIComponent(form.elements[i].options[j].value))}}break}break;case”BUTTON”:switch(form.elements[i].type){case”reset”:case”submit”:case”button”:q.push(form.elements[i].name+”=”+encodeURIComponent(form.elements[i].value));break}break}}return q.join(“&”)};
function extend(destination, source) {
for (var prop in source) {
destination[prop] = source[prop];
}
}
if (!Mimi) var Mimi = {};
if (!Mimi.Signups) Mimi.Signups = {};
Mimi.Signups.EmbedValidation = function() {
this.initialize();
var _this = this;
if (document.addEventListener) {
this.form.addEventListener(‘submit’, function(e){
_this.onFormSubmit(e);
});
} else {
this.form.attachEvent(‘onsubmit’, function(e){
_this.onFormSubmit(e);
});
}
};
extend(Mimi.Signups.EmbedValidation.prototype, {
initialize: function() {
this.form = document.getElementById(’ema_signup_form’);
this.submit = document.getElementById(‘webform_submit_button’);
this.callbackName = ‘jsonp_callback_’ + Math.round(100000 * Math.random());
this.validEmail = /.+@.+..+/
},
onFormSubmit: function(e) {
e.preventDefault();
this.validate();
if (this.isValid) {
this.submitForm();
} else {
this.revalidateOnChange();
}
},
validate: function() {
this.isValid = true;
this.emailValidation();
this.fieldAndListValidation();
this.updateFormAfterValidation();
},
emailValidation: function() {
var email = document.getElementById(‘signup_email’);
if (this.validEmail.test(email.value)) {
this.removeTextFieldError(email);
} else {
this.textFieldError(email);
this.isValid = false;
}
},
fieldAndListValidation: function() {
var fields = this.form.querySelectorAll(‘.mimi_field.required’);
for (var i = 0; i = 0) {
return ‘checkboxes’;
} else {
return ‘text_field’;
}
},
checkboxAndRadioValidation: function(field) {
var inputs = field.getElementsByTagName(‘input’),
selected = false;
for (var i = 0; i < inputs.length; ++i) {
var input = inputs[i];
if((input.type === 'checkbox' || input.type === 'radio') && input.checked) {
selected = true;
}
}
if (selected) {
field.className = field.className.replace(/ invalid/g, '');
} else {
if (field.className.indexOf('invalid') === -1) {
field.className += ' invalid';
}
this.isValid = false;
}
},
textAndDropdownValidation: function(field, type) {
var inputs = field.getElementsByTagName('input');
for (var i = 0; i = 0) {
if (type === ‘text_field’) {
this.textValidation(input);
} else {
this.dropdownValidation(field, input);
}
}
}
this.htmlEmbedDropdownValidation(field);
},
textValidation: function(input) {
if (input.id === ‘signup_email’) return;
if (input.value) {
this.removeTextFieldError(input);
} else {
this.textFieldError(input);
this.isValid = false;
}
},
dropdownValidation: function(field, input) {
if (input.value) {
field.className = field.className.replace(/ invalid/g, ”);
} else {
if (field.className.indexOf(‘invalid’) === -1) field.className += ‘ invalid’;
this.onSelectCallback(input);
this.isValid = false;
}
},
htmlEmbedDropdownValidation: function(field) {
var dropdowns = field.querySelectorAll(‘.mimi_html_dropdown’);
var _this = this;
for (var i = 0; i < dropdowns.length; ++i) {
var dropdown = dropdowns[i];
if (dropdown.value) {
field.className = field.className.replace(/ invalid/g, '');
} else {
if (field.className.indexOf('invalid') === -1) field.className += ' invalid';
this.isValid = false;
dropdown.onchange = (function(){ _this.validate(); });
}
}
},
textFieldError: function(input) {
input.className = 'required invalid';
input.placeholder = input.getAttribute('data-required-field');
},
removeTextFieldError: function(input) {
input.className = 'required';
input.placeholder = '';
},
onSelectCallback: function(input) {
if (typeof Widget === 'undefined' || !Widget.BasicDropdown) return;
var dropdownEl = input.parentNode,
instances = Widget.BasicDropdown.instances,
_this = this;
for (var i = 0; i < instances.length; ++i) {
var instance = instances[i];
if (instance.wrapperEl === dropdownEl) {
instance.onSelect = function(){ _this.validate() };
}
}
},
updateFormAfterValidation: function() {
this.form.className = this.setFormClassName();
this.submit.value = this.submitButtonText();
this.submit.disabled = !this.isValid;
this.submit.className = this.isValid ? 'submit' : 'disabled';
},
setFormClassName: function() {
var name = this.form.className;
if (this.isValid) {
return name.replace(/s?mimi_invalid/, '');
} else {
if (name.indexOf('mimi_invalid') === -1) {
return name += ' mimi_invalid';
} else {
return name;
}
}
},
submitButtonText: function() {
var invalidFields = document.querySelectorAll('.invalid'),
text;
if (this.isValid || !invalidFields) {
text = this.submit.getAttribute('data-default-text');
} else {
if (invalidFields.length || invalidFields[0].className.indexOf('checkgroup') === -1) {
text = this.submit.getAttribute('data-invalid-text');
} else {
text = this.submit.getAttribute('data-choose-list');
}
}
return text;
},
submitForm: function() {
this.formSubmitting();
var _this = this;
window[this.callbackName] = function(response) {
delete window[this.callbackName];
document.body.removeChild(script);
_this.onSubmitCallback(response);
};
var script = document.createElement('script');
script.src = this.formUrl('json');
document.body.appendChild(script);
},
formUrl: function(format) {
var action = this.form.action;
if (format === 'json') action += '.json';
return action + '?callback=' + this.callbackName + '&' + serialize(this.form);
},
formSubmitting: function() {
this.form.className += ' mimi_submitting';
this.submit.value = this.submit.getAttribute('data-submitting-text');
this.submit.disabled = true;
this.submit.className = 'disabled';
},
onSubmitCallback: function(response) {
if (response.success) {
this.onSubmitSuccess(response.result);
} else {
top.location.href = this.formUrl('html');
}
},
onSubmitSuccess: function(result) {
if (result.has_redirect) {
top.location.href = result.redirect;
} else if(result.single_opt_in || !result.confirmation_html) {
this.disableForm();
this.updateSubmitButtonText(this.submit.getAttribute('data-thanks'));
} else {
this.showConfirmationText(result.confirmation_html);
}
},
showConfirmationText: function(html) {
var fields = this.form.querySelectorAll('.mimi_field');
for (var i = 0; i < fields.length; ++i) {
fields[i].style['display'] = 'none';
}
(this.form.querySelectorAll('fieldset')[0] || this.form).innerHTML = html;
},
disableForm: function() {
var elements = this.form.elements;
for (var i = 0; i < elements.length; ++i) {
elements[i].disabled = true;
}
},
updateSubmitButtonText: function(text) {
this.submit.value = text;
},
revalidateOnChange: function() {
var fields = this.form.querySelectorAll(".mimi_field.required"),
_this = this;
var onTextFieldChange = function() {
if (this.getAttribute('name') === 'signup[email]') {
if (_this.validEmail.test(this.value)) _this.validate();
} else {
if (this.value.length === 1) _this.validate();
}
}
for (var i = 0; i < fields.length; ++i) {
var inputs = fields[i].getElementsByTagName('input');
for (var j = 0; j < inputs.length; ++j) {
if (this.fieldType(fields[i]) === 'text_field') {
inputs[j].onkeyup = onTextFieldChange;
inputs[j].onchange = onTextFieldChange;
} else {
inputs[j].onchange = function(){ _this.validate() };
}
}
}
}
});
if (document.addEventListener) {
document.addEventListener("DOMContentLoaded", function() {
new Mimi.Signups.EmbedValidation();
});
}
else {
window.attachEvent('onload', function() {
new Mimi.Signups.EmbedValidation();
});
}
})(this);
When a user logs in for the first time, Duo will select the most secure login method, although students may opt to view other options. According to the announcement, the most secure methods are “platform authenticators … (like Touch ID) or roaming authenticators … (like [a] security key),” followed by push notifications. For future logins, users will be shown whichever method they chose the previous time.
For staff, faculty and student workers, the process will be slightly different. According to a separate webpage, their login experience is adopting a feature called Duo Verified Push. Instead of being able to accept a push notification, Verified Push will display a three-digit code that they must enter on their mobile device to login rather than just pressing “approve.” Although employees currently have the option to set a continual password through Duo Mobile App Passcodes, this feature will no longer be available.
According to a video hyperlinked on the announcement page from ITS News, “Push is commonly targeted by threat actors of USC, and this additional layer of security will protect both the university and [user] information, helping prevent push harassment and accidental push approvals.”
Some non-students were confused by the change and frustrated by the extra steps in the login process.
“If someone can do a verified push [by unlocking your phone], then adding an SMS feature on top of this, I don’t see how it provides additional security,”said Abhishek Balakrishna, an assistant professor of mathematics.
Balakrishna also argued that if a phone’s security is compromised, both Push and Verified Push would become indistinguishable, as the three-digit code could still be intercepted.
“I think that it would waste a lot of time,” said Jay Maniyar, a graduate student majoring in business analytics. “I think they can come up with a better option that could facilitate an easier process.”
The University declined to comment when asked to offer further insights on the rationale behind extending this security layer to all users except students.
#top .hr.hr-invisible.av-15udrwxk-21f88c747618c36154e76f774ff68485{
height:20px;
}
.flex_cell.av-a5ews8o-91b0cd82c231b7ff28c6492df8f4e7e2{
vertical-align:top;
}
The post Duo Mobile changes authentication process appeared first on Daily Trojan.