Campus ID News
Card, mobile credential, payment and security
Menu
close
FEATURED
PARTNERS
Princeton Duo login page

Princeton eliminates Duo’s SMS-based login amid rising phishing attacks

Students pushed to Duo Mobile app or biometrics, researchers analyze phishing data

CampusIDNews Staff   ||   Jun 19, 2025  ||   ,

To gain access to secure university services and student accounts, Princeton students use a multi-factor authentication solution from Duo. In the past, users could opt to receive secure codes from Duo via text message or phone call, but these methods have been phased out.

An article in the Daily Princetonian cites an email from the university’s Office of Information (OIT) Technology saying that these older methods are now, “a common target for hackers looking to compromise accounts.”

Between 2022 and 2024, there was a 44% increase in unique phishing emails and a 186% rise in reported incidents.

In mid-June, the switch was made, and all users must now rely on one of two more secure methods.

OIT’s preferred method is the Duo Mobile app, which uses push notifications that require the account owner to verify that the login attempt is valid. Second, biometric authentication using Windows Hello; TouchID or FaceID on Macs and iPhones; and Android biometric options may be enabled.

Princeton is not the only campus to take this action. Some have already eliminated SMS and phone options in their Duo system, and others are in process of doing so.

Princeton also strengthens spam filtering

The rise in phishing attacks at Princeton prompted the institution to make changes to its spam filters and email delivery processes earlier in the year.

In the two years between 2022 and 2024, there was a 44% increase in unique phishing emails and a 186% rise in reported incidents.

In response, Princeton’s Information Security Office ratcheted up the threshold on its spam filters, making it harder for phishing emails to reach inboxes. They also began diverting more of these messages directly to the user’s trash folder, bypassing the junk folder altogether.

Analyzing phishing trends at Princeton

These phishing emails are often sophisticated and targeted to the student community. They promise research assistant positions or internships, include university logos, and appear to come from actual university leaders.

The Princetonian received data from OIT on phishing attacks dating back to 2021. Authors did an in-depth analysis, and the findings provide great insight.

Specific areas of analysis include:

  • Year over year increase in phishing attempts
  • Most frequent words used in subject lines
  • Most common time of day for email delivery
  • Number of attempts by day of week.

The trends at Princeton are likely pervasive throughout higher education, so the article is a must read for all campus administrators.

|| TAGS: ,
Subscribe to our weekly newsletter

RECENT ARTICLES

Transact + CBORD is now Illumia
Mar 05, 26 /

Transact + CBORD officially becomes Illumia, announces 2026 Distinction Award Winners

Transact + CBORD formerly announced its new name, visual identity, and branding as Illumia at its Momentum annual user conference. According to an announcement about the launch, the company powers payments, access, foodservice, and credentialing at more than 10,000 clients in higher education, healthcare, and senior living institutions. "The Momentum conference is the right place […]
BalanceU meal plan screenshot

New BalanceU meal plan aims to cut costs, open architecture, and free university data

FutureState, a new entrant to the campus credential, dining, and auxiliary service space, announced its new closed-loop, stored value and meal plan offering called BalanceU. “FutureState’s BalanceU is designed to help colleges and universities lower operating costs, eliminate vendor lock-in, and gain real-time financial visibility across campus,” says Christopher Augustine, Co-Founder and Head of Product […]
MyVenue POS with Illumia mobile credential on phone
Feb 26, 26 /

Transact + CBORD partners with MyVenue to extend stored value to campus stadiums

Transact + CBORD (rebranding to Illumia in March 2026) announced a new agreement with sports and entertainment point-of-sale (POS) provider MyVenue. The partnership allows students to use their campus card and stored-value campus funds for purchases inside stadiums and arenas. The integration adds MyVenue’s high-volume point-of-sale platform to Transact + CBORD’s campus commerce platform. Designed […]
CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.
Twitter

CampusIDNews (formerly CR80News) Follow 272 529

CampusIDNews

Great inverview on the Public Key Open Credential (PKOC) standard with ELATEC's Jason Ouellette, Chairman of the Board for the @PSIAlliance.

Attn: friends in the biometrics space. Nominations close Friday for the annual Women in Biometrics Awards. Take five minutes to recognize a colleague or even yourself. http://WomenInBiometrics.com

Load More...
Contact
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301
www.AVISIAN.com[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2026 CampusIDNews. All rights reserved.