Duo Security / Received an unexpected Duo notification

Objective

• To provide instructions on how to respond to an unexpected Duo notification

Environment

• 312306: Duo Security two-factor authentication
  • Duo Mobile App

Causes

• If you receive an unexpected Duo notification and you did not initiate an authentication request, your account may be compromised. This can occur when a third-party provider suffers a data breach and credentials are discovered on publicly accessible sources
• The practice of re-using the same password or a slightly modified version of the password across multiple sites creates a security risk
• If you receive a Duo notification that you did not initiate, do not approve it. If your account has been compromised and someone has your password, they could initiate a push, and — if you accept it — you will grant them access to your account

Resolution

1. In the Duo Mobile app, tap Deny on the notification to reject it
2. If you don't recognize the authentication request as your own, tap It seemed fraudulent to reject the login attempt
   • The alert will be logged in Duo and will send an email notification to the information security office
   • If you want to cancel a login request that you made, tap It was a mistake to deny the request without reporting it
3. Change your password as soon as possible!
   • If you believe the authentication request to be fraudulent, your password may have been compromised