The Information Security Office has received several reports recently of erroneous Duo pushes being sent to users’ phones and accepted without verification. This has resulted in compromised accounts.

Please be aware: If you receive a Duo push that you did not initiate, this means that someone has your password and is accessing your Miami account without your knowledge.

If you receive a surprise Duo push to your mobile device, here is what you should do:

• Reject the push
• Immediately go change your Miami password at MiamiOH.edu/password

This will help keep your account safe, especially if someone else has your current password.

It is worth mentioning that this is one of the main circumstances for which Duo was made mandatory. If you have that second factor on your login, it means that you are the only person who can get into your account. That protection is moot, however, if you accept Duo pushes without verifying where they came from. Practice vigilance with your Duo pushes.

Please let us know if you have questions about this recommendation. Contact the ISO at InfoSec@MiamiOH.edu.