Duo phone calls (“Call Me”) no longer accepted on Tuesday, March 29, 2022

Ryan Real, CCIT Communications
Tuesday, March 8

CCIT and Clemson University are continually evaluating cybersecurity protocols and practices to ensure the safety of our Clemson community and systems. As part of this, we have recently begun making changes to many of our Duo two-factor authentication practices to enhance security.

A major upcoming change in our practice includes the removal of the Duo phone call (“Call Me”) option to authenticate when logging into ANY Clemson system beginning on Tuesday, March 29. Both currently and after this date, you can still use the Duo Mobile app’s “Send Me a Push” option, the SMS (text message) option, or a hardware token (like YubiKey) to verify your identity.

Due to the end-to-end encryption and stability of the Duo Mobile app, we strongly recommend the push option. If your phone is not receiving push messages properly, please visit 2fa.clemson.edu to reactivate your device.

As a reminder to the community, below is a recap of recent changes we have already made in recent weeks to enhance the level of security associated with two-factor authentication using Duo:

• February 9: Duo phone call prompt changed to “1 to approve, 9 to deny”
• February 9: Duo Mobile Passcode removal from all Clemson systems and applications
• February 21: Duo phone call removal from CUapps (Citrix) and SecureVDI
• March 3: Duo phone call removal from Clemson Virtual Private Network (VPN)

As a reminder, please do not accept any Duo authentication requests you did not just initiate yourself.

To reactivate push messages on your phone or manage your preferred authentication methods, please visit 2fa.clemson.edu.

If you have questions or need assistance – including if today your only method of authenticating is use of Duo Call Me (telephone option) and will now need a hardware token device to authenticate  – please contact the CCIT Support Center at (864) 656-3494.