The University of Iowa’s Information and Technology Services, or IT Services, has implemented an update to Duo Push, which will strengthen two-factor authentication amid a rise in cybersecurity attacks on campus. The new security feature, Duo Verified Push, will require users to enter a three-digit code presented on the screens of their devices into the Duo Mobile app.

This additional step will hopefully combat “push fatigue” or “push harassment,” which are cyber attacks where hackers will repeatedly send verification pushes with the hopes that a user will approve the request even though the user isn’t the one signing into an account.

“Some people were just approving the Duo pushes that they got on their phones without actually being the ones opening the website because it was bugging them,” Victoria Delgado, a student analyst with IT Services, said.

IT Services found these attacks were targeting UI payroll and direct deposit information and has prompted users to be mindful of the verifications they are approving.

Jessica Housour, a third-year student at UI who also works as a student worker on campus, explained that while she already felt secure with the previous version of Duo Push, the update was still appreciated.

“It’s nice to have that extra level of security,” Housour said. “I’ve never had a problem with scam emails, but I don’t think it hurts to have something more.”

RELATED: UI ITS outage caused by automated system update

While the update went into effect on April 17, some users may not immediately notice the change because two-factor authentication is typically “saved” for 30 days on most users’ devices. Sara Streeter, a second-year student at the UI, for example, has only had to enter a code into the Duo Mobile app once since the update went into effect.

“It’s more work, but I guess I don’t really mind it because it’s extra protection,” Streeter said.

And while second-year Sophie Larson currently uses the SMS and voice message option, which sends a code directly to a user’s phone through text or call, she hasn’t noticed a change in her authentication method. She believes educating students and the public would be beneficial in preventing cyberattacks.

“I feel like there’s a lot to learn, like I really don’t fully understand why we do Duo Push, so I think better education would be beneficial,” Larson said. “Just to educate people on why we do things and better ways to protect your stuff and your identity.”

IT Services’ webpage currently offers many recommendations for minimizing risks of cybersecurity attacks, including installing an antivirus program, utilizing VPNs, restarting a computer weekly, updating software regularly, and not opening suspicious links from texts and emails. These can act as a starting place for students to begin learning how to protect their information and security.

“You can also use the Duo app for your personal accounts if you want to,” Delgado said. “I know the security office does protect your personal student account, but for your personal account, you don’t have that type of security. So, you can just use other two-step verification tools like Duo.”

Currently, this update will only affect those using the Duo Mobile app for authentication. Those using the SMS/voice methods for authentication will see no change, but IT Services has announced that these methods will gradually be phased out over time for cost and security reasons.