On Monday, Feb. 25, OIT will change the settings within Duo Security and Google Two-Step Verification (G2SV) that will allow you to trust your devices for 14 days. Duo and G2SV are NC State’s two-factor authentication solutions.
Recently, Google changed its G2SV policy for “Devices you trust,” such as your own computer, from 30 days to indefinitely, while Duo’s “Remember me” policy remained at 30 days.
OIT supports a shorter trust (or remember me) duration as well as a consistent trust policy that will offer end users and the university stronger protection. The security changes include the following:
- The default will be that all web browser sessions will be trusted for 14 days. If you do not log out of your Google service, clear cache or cookies, or change your password, your Google session will remain active for 14 days, and you will not have to use a second factor.
- The “remember me” checkbox will no longer be available; any login to a Google service will require 2-step verification (2fa), unless the 14-day web session window applies.
- Mobile app logins are unaffected, unless you are using a mobile web browser to access Gmail or another Google service.
- The checkbox to “Remember me for 30 days” will change to “Remember me for 14 days.”
- Web sessions that are older than 14 days will prompt for Duo authentication on the next login.
As a reminder, do not “trust” machines that are not in your direct control, such as shared computers or kiosks. You should also lock your computer when it is not in use or left unattended.