Across the board, higher education continues to be a preferred target for cyber attackers. Phishing attacks continue to evolve and are increasingly sophisticated and convincing, making them much harder to spot at first glance and much easier to fall for. Cyber attackers also rely on tactics such as push harassment and push fatigue, sending a user multiple push notifications to get the user to approve a malicious access request and give the attacker access to login credentials.

Gaining access to a single ONID login account can have a measurable impact: it can give cyber attackers access to an individual’s data, including sensitive personal, financial and health information, and it can create a doorway for access to all of OSU’s institutional data. To protect the community and university, we must stay vigilant and minimize opportunities for attackers to infiltrate OSU’s cyber boundary so we can protect ourselves, the community, and the university.

Physical Security Keys

YubiKeys serve as a physical form of two-factor authentication (2FA). Once you've entered your login credentials (username and password), tapping your YubiKey to your device or inserting your YubiKey into your device's USB port validates your login, adding an extra layer of phishing-resistant security to your personal information.

Currently, many members of the OSU community do not have access to Verified Duo Push, leaving their login information incredibly vulnerable to phishing attempts and attackers. Using a YubiKey introduces phishing-resistant security to your Duo login, bolstering the overall security of your personal information.

YubiKeys will be provided to OSU community members who cannot use Verified DUO Push for their OSU logins. If you are already using Verified Duo Push, a YubiKey will not be necessary. If you have a specific use case where Verified Duo Push will not work please contact your department's IT support group!

Please follow the instructions listed in the linked knowledge base article. For any other questions related to YubiKey enrollment, please contact the OSU service desk.  

After enrolling your key, during login, you'll be prompted to insert your YubiKey into your device's USB port. Once the YubiKey is plugged in, simply touch the YubiKey with your finger to complete the login. If you are logging in with a smartphone, you will be prompted to tap the YubiKey to your device to complete the login process.

Distribution of YubiKeys will commence in February 2024. Please contact the OSU service desk for any other questions. If your work location is not at the Corvallis campus, arrangements will be made to mail your Yubikey to you

No! Since each YubiKey is unique to the user, it can be used in any application that supports YubiKeys for multi-factor authentication. For more information, check out this list of supported applications! 

 If you are interested in obtaining a YubiKey, they will be sold on campus through the OSU Beaver Store starting february 14. For more information please contact your department's IT support team. 

If you have misplaced your YubiKey please contact your department's IT service team for information regarding replacement. 


Phishing is defined as the fraudulent practice of sending emails or other messages pretending to be from legitimate companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Oregon State email addresses are a common target for Phishing emails. OIS has noticed an increase in the amount of phishing emails that members of the OSU community receive. If you suspect that an email may be a Phishing attempt, OIS recommends that you either report the email directly through your mailbox or report a phishing attempt through the homepage of the OIS website. This will allow our team to review the email and take further action. Thank you for helping to defend our cyber dam!



DUO is a Two-factor authenticator that adds a second layer of security to your online accounts. Verifying your identity using a second factor (like your phone or other mobile device) prevents anyone but you from logging in, even if they know your password.

For an overview of DUO check out "A Truly Universal Prompt" Linked here!

For detailed information, check out the official DUO guide here!