July HIPAA Security Update: Duo Verified Push
In August 2025, HIPAA workforce members will switch from standard Duo Push to Duo Verified Push for two-factor authentication.
What is Duo Verified Push?
Standard Duo Push involves simply tapping “Approve” or “Deny” on a push notification. Duo Verified Push adds a code verification step:
- When logging in, a 4-digit code will be displayed on your computer or device screen.
- You receive a push notification in the Duo Mobile app on your phone.
- You must enter the 4-digit code from the screen into the Duo app to approve the login.
Visit the Duo Verified Push Tech Web page for more details.
Why is this change required?
Verified Push improves security by ensuring the person approving the push notification has the code showing on the login screen. This change prevents accidental or fraudulent approval of login attempts, especially when repeated push requests are received (which can happen in phishing or account takeover attempts).
Have questions?
For Duo Verified Push questions contact ithelp@bu.edu, and for questions about this change contact buinfosec@bu.edu.