SMS authentication being removed from Duo MFA
June 2, 2025
As of June 30, 2025, SMS (text messages) will be removed as an authentication option within Duo MFA. This change is required to ensure all accounts are protected from SMS spoofing, a common vector for compromising accounts. If you currently use SMS for authentication, you will need to migrate to one of the following methods as your primary authentication method before then.
- Recommended: Duo Mobile (requires mobile device)
- iPhone: Requires iOS 15.0 or greater
- Android: Requires Android 11.0 or greater
- Allows for push notifications and time-based code generation
- Security Key
- Examples: Yubico Security Key, YubiKey, Token2
- Platform Authenticator
- Examples: Windows Hello, Apple Touch
- This option is limited to the device it was originally configured on
- One-Day Passcode
- In a pinch, you can use ELMO to create a one-day passcode
PLEASE NOTE: You are encouraged to set up more than one authentication method to ensure seamless access.
Additionally, phone calls as an authentication method will be removed in December 2025. We recommend you to transition to one of the alternative authentication methods mentioned above.
For more information, visit Nanook Technology Services’s Multi-factor Authentication site, or contact the Nanook Technology Service Desk.