Security – Duo Two Factor Support

UCI Health uses Duo Security to add a second layer of security when accessing protected systems and services.

Passwords are increasingly easy to compromise. They can be stolen, cracked, or guessed. Two-factor authentication adds an additional layer of security to your HS account by mitigating password compromise. By verifying your identity using both something you know (your HS username and password) and something you have (such as a mobile phone or landline), a compromised password cannot be used by itself to log in.

Starting in June 2025, the ITS Department will be removing the following multifactor authentication options for DUO. This only impacts the UCI Health DUO application and features when accessing UCI Health resources (Epic, UCI Health VPN, etc.). This does not impact UCI Campus DUO, which is used for accessing resources such as UCPath, UCLC, etc.

1. SMS Codes – Text Option
2. Telephony – Phone Call Option

These methods of authentication are insecure and are commonly used by threat actors to gain unauthorized access. The proposed changes are not unique to UCI/UCI Health as they are being enforced across the entire UC system.

Additionally, we will also be enforcing each smartphone/tablets operating system is kept up to date. Manufacturers release updates to the smartphones, tablets, watches, laptops/desktops to correct programming errors that an attacker can use to gain access to our sensitive data. Please take the time to update your devices to avoid any disruption. End of life devices will no longer function with DUO as they will not be able to update to the current versions of software.