On Monday, Feb. 25, the Office of Information Technology (OIT) changed the settings within Duo Security and Google Two-Step Verification (G2SV) (https://go.ncsu.edu/2fa) that will allow you to trust your devices for 14 days.
Recently, Google changed its G2SV policy for “Devices you trust,” such as your own computer, from 30 days to indefinitely, while Duo’s “Remember me” policy remained at 30 days.
Due to security concerns, OIT was not supportive of an indefinite trust policy and supports a shorter duration for “remember me” and a consistent trust policy that will offer end users and the university stronger protection.
Google 2-Step Verification (G2SV):
- The default will be that all web browser sessions will be trusted for 14 days IF you do not log out of your Google service, clear cache or cookies, or change your password, your Google session will remain active for 14 days and you will not have to use a second factor.
- If you log out, you will be asked the next time to 2FA. Many people do log out of Google every day, therefore they will need to 2FA each time they log back in.
- The “remember me” checkbox will no longer be available; any login to a Google service will require 2-Step Verification (2fa).
- Mobile app logins are unaffected, unless you are using a mobile web browser to access Gmail or another Google service.
Duo:
- The checkbox to “Remember me for 30 days” will change to “Remember me for 14 days”.
- Web sessions that are older than 14 days will prompt for Duo authentication on next login.
Reminders:
- Do not “trust” machines that are not in your direct control, such as shared computers or kiosks.
- Computers should be locked when not in use or left unattended.