On July 20th, Information Technology Services (ITS) enabled new security features in the Duo two-factor authentication system intended to inform people when their device has outdated software installed. This change adds new messaging when authenticating with Duo that notifies users that their devices are using outdated versions of Flash, Java or operating systems (e.g. Windows, MacOS, Apple iOS, etc). These changes apply to both desktop and mobile devices.
This informational banner does not prevent authentication or access. It is meant to inform. It is hoped that the information will increase awareness of vulnerabilites to security threats (as outdated software is most vulnerable to exploit), and improve our community’s resilience against cyber threats.
Out-of-date devices are at a greater risk of exploitation because they're susceptible to known software vulnerabilities that allows attackers to compromise or otherwise abuse them. Flaws found in old versions of operating systems, browsers and plugins like Flash and Java are in general not fixed, knowledge of them spreads among hacker communities; and, when successfully exploited, they can allow attackers access to, and control of, devices and systems, as well as the data on them.
It is important not to panic if you see such a message when authenticating. Sometimes the message will appear before your device detects the updates. If your machine is managed by central IT services, then it should be updated according to the schedule set forth by the management system. If, however, the warnings persist for more than a month without going away, there is probably an issue that needs to be addressed, and we recommend you call your IT support for help in such cases.
Written by Eric Rostetter, Senior System Administrator
Questions or comments? The best and easiest way to contact us is via the CNS Help Desk form.