Due to a security issue that can be exploited when using the one-time passcodes generated in the Duo Mobile App, CaTS will be disabling this feature on June 30th, 2023. These codes do not expire until they are used, which allows hackers to capture the one-time passcodes via a fraudulent authentication page. With an individual’s password and the one-time passcode, the hacker can then add their phone number as an authorized 2FA device.
To protect the Wright State community from this exploit, CaTS will be disabling the use of Duo Mobile generated one-time passcodes on Friday, June 30th. Individuals will instead be required to use the Duo Push option in combination with the Duo Mobile App.
This change will not affect the other methods of authenticating via Duo, such as push notifications (preferred), the phone call feature (Faculty and Staff only), SMS/text passcodes, and FOB access codes.
For more information on the Duo 2-FA authentication service and its usage, visit https://www.wright.edu/information-technology/two-factor-authentication.
If you have any questions, please contact the CaTS Help Desk at 937-775-4827 or firstname.lastname@example.org.