Verified Duo Push

The verification code option for Duo Push provides additional security against push harassment and fatigue attacks by asking the user to enter a verification code while approving a Duo Push authentication request. It also provides improved fraud reporting from end-users by directing them toward the fraud report option in Duo Mobile when they receive unexpected Duo Push login requests.

When a user logs into an application that shows the Duo Universal Prompt or uses an Auth API client application updated to support Duo Verified Push and you have push verification enabled in the effective policy, they will see a numeric code three to six digits in length (based on your preference) in the prompt which must be entered to approve the Duo Push request on their authentication device. This ensures users cannot accidentally approve login requests when they aren’t actively logging in to the application.

Here’s an example of what Duo will look like when you are prompted for a Duo Verified Push: