1. Home
  2. Security
  3. Duo Security Two-Factor Authentication
  4. User Guide for 2025 Changes

User Guide for 2025 Changes

Changes to Multi-factor Authentication Methods, Fall-Winter 2025 

Background 

As part of this project, Emory University and Emory Healthcare are enhancing their Multi-Factor Authentication (MFA) controls that help protect our users, data, and IT systems against the ever-changing cyber threats capable of bypassing MFA measures. This upgrade, overseen by Emory University’s Office of Information Technology (OIT) in partnership with Emory Digital, involves retiring less robust MFA options (like “Phone Call”) and implementing more secure authentication methods, such as Duo Verified Push. 

FAQs about the Change 

1. Is the Duo mobile app required for all Emory University and Emory Healthcare employees and Emory University students to install on their phones? 

It is strongly recommended for all employees & students to use the Duo application on their personal device of choice because it’s free, secure, and well-supported on most smartphones and tablets. Duo Mobile provides the easiest login experience using Duo Verified Push or passcodes. You can follow the enrollment steps here: Duo Mobile Enrollment Guide 

2. What personal data does Duo Mobile have access to on my phone? 

Duo Mobile app is designed with privacy in mind. The app cannot see your contacts, read text messages, access your photos or files, erase your device, or view information about other apps. It can only use your camera to scan a QR code during setup (if you grant permission). Duo also does not track your location. The only information it stores is the service accounts you explicitly add — and even then, it only retains the name of the service, not personal data. Learn more at: Duo Mobile Privacy Information 

3. What if I don’t want to use the Duo Mobile app on my personal device? 

If a user does not want to use a personal device for their MFA or any of the other free options provided by Emory (like “SMS Passcode”), the user will need to get and use a YubiKey hardware token for access. For more information on Emory approved YubiKeys and related guidance: Emory YubiKey Guidance.docx 

4. The change just rolled out for me. Will I have to use MFA this much each day to access my apps? 

No. On the day of the change, you will have to log in and activate MFA for each of your applications that normally stay signed in on your computer and mobile device. Afterwards, you should not encounter the MFA step on those apps again as part of this change. 

5. Which MFA options are being phased out? 

  • Duo Push is being phased out and replaced by Duo Verified Push via the Duo mobile app. You will be automatically switched to Duo Verified Push when your account is moved to the new policy. If you are already using Duo Push for MFA, no action is required on your part to get ready for this change. 
  • Phone call-based MFA is being phased out completely. If you are only using the phone call method on Duo, it is critical to have another MFA option registered to ensure continued access. We recommend that you set up the Duo push method. 

phone_call_option

Duo Push to Duo Verified Push Transition 

If you are using the Duo Push MFA method today to access Emory University or Emory Healthcare applications, you will be moved to Duo Verified Push 

The following example workflow shows the new Verified Push experience while accessing a Microsoft application, such as web-based email. Your workflow may vary for other applications, but the new Verified Push experience should be the same. 

  1. Enter Network ID and Password to sign into a Duo integrated application (such as http://email.emory.edu).

 microsoft_login

  1. If this prompt appears, select “Continue”.  Emory Healthcare users will see “eushc.org” rather than “emory.edu”.

trust_emory

  1. Select “Continue” to proceed to the Duo verification.

verification_required

  1. A 3-digit verification code will appear, and you'll get a push notification on your Duo mobile app to enter this code. 

    verified_push_code1
  2. Enter the verification code on your Duo mobile app when prompted. 

 verified_push_code2

  1. An error message appears if the code is incorrect.

 invalid_verification_code

  1. If you are using an iPhone/iPad and have Microsoft Authenticator installed on your device, then you will need to confirm that this is your device on the Authenticator application as well. Open the Microsoft Authenticator app and click on “Unlock” when it prompts you to. 

 authenticator_locked

  1. If asked, confirm if this is your device or a public device on Microsoft Authenticator. Only click “Yes” on personal devices.

is_this_your_device 

  1. 9. Continue to stay signed in if it is a personal device. This reduces the number of times you are asked to sign in. Do not select this option on a public device.

 stay_signed_in

  1. 10. You may see this prompt on other devices; click “Continue” and repeat the steps above. 

connection_authentication_required

Application Specific Caveats: 

1. My Power Automate flows are not working anymore, how do I resolve it? 

You will receive a pop-up requesting that you reauthenticate your connections.  

connection_action_required

After opening Power Automate, navigate to Connections 

power_automate_connections 

Click on reconnect under the Status column and follow the prompts to reauthenticate.  

power_automate_reconnect

Questions and Support 

If needed, the University Service Desk may be reached at 404-727-7777. Emory Healthcare Service Desk, 8-Help, may be reached at 404-778-4357.