Duo "Verified Push" is when you are prompted to enter three to six digits during the Duo MFA sign-in process. This typically occurs when a risk has been identified during authentication. https://duo.com/docs/policy#verified-push What is Risk-Based Authentication? Authentication happens normally, unless Duo determines an authentication attempt is unusual or higher risk through a combination of factors: Login location & Impossible Travel - (I.e. login from Nebraska & Italy in the same hour) User denying authentication repeatedly or reporting fraud Login from a new, unremembered device in combination with other factors Login to multiple user accounts from the same session What does this look like? If Duo detects a high risk condition, the authentication will require a stronger second factor (typically a Verified Push) where you will need to enter the 3-6 digit number from the webpage into your Duo Mobile application. What if I don't use the Duo application? The following factors may be used during a high risk authentication if the app is not available: Roaming Authenticators - FIDO2-compliant WebAuthn security keys (ex. Yubikeys) Platform Authenticator - Touch ID using compatible browsers (ex. Chrome or Edge)