Recent Duo and Google Security Setting Changes


The Office of Information Technology (OIT) has recently changed the settings within Duo Security and Google Two-Step Verification (G2SV) so that you can trust your devices for 14 days.

Recently, Google changed its G2SV policy for “Devices you trust,” such as your own computer, from 30 days to indefinitely, while Duo’s “Remember me” policy remained at 30 days. Due to security concerns, OIT has implemented a universal change that supports a shorter duration for “remember me” across both services and a consistent trust policy that will offer end users and the university stronger protection.

Please take a moment to review the following policy updates:

Google 2-Step Verification (G2SV)

  • By default, all web browser sessions will be trusted for 14 days. If you do not log out of your Google service, clear cache or cookies, or change your password, your Google session will remain active for 14 days and you will not have to use a second factor.
    • If you log out, you will be asked to complete 2FA the next time you log in. Many people log out of Google every day, so they will need to complete 2FA each time they log back in.
    • The “remember me” checkbox will no longer be available; any login to a Google service will require 2-Step Verification (2FA).
  • Mobile app logins are unaffected unless you are using a mobile web browser to access Gmail or another Google service.

Duo

  • The checkbox to “Remember me for 30 days” will change to “Remember me for 14 days.”
  • Web sessions that are older than 14 days will prompt for Duo authentication on next login.

Reminders

  • Do not “trust” machines that are not in your direct control, such as shared computers or kiosks.
  • Computers should be locked when not in use or left unattended.

If you have any questions about these changes or require assistance, please contact us by calling 919-513-7000 or emailing ces_help@ncsu.edu.