Search for blog posts, documentation, or pages

While our two-factor authentication platform is authenticator-agnostic at its core, supporting a wide range of authenticators from our cutting-edge Duo Push technology all the way to legacy hardware tokens, it is clear that our general approach towards two-factor has focused around the use of a mobile device as a secondary authenticator. These powerful, flexible, and increasingly ubiquitous mobile computing devices allow us to tackle the challenges of secure and usable two-factor authentication in innovative ways.

However, the use of a consumer mobile device as a secondary authenticator is not without its risks. We pride ourselves on being experts in the mobile security space and I will be the first one to tell you that these mobile platforms are not infallible and suffer similar risks of compromise as other software systems.

For many of our customers, the benefits of using mobile devices as authenticators hugely outweigh the risks. Making two-factor technology usable and accessible to a diverse user base allows the application of two-factor authentication to places where previously it may have been too costly or complex to deploy.

Duo Security Scan (DSS)

At Duo, we’re making it our mission to ensure that you can trust the device you’re using for two-factor authentication. As a first step in this process, we’re happy to announce the launch of our Duo Security Scan (DSS) service!

The DSS service allows you to scan your mobile device for malicious threats and remove any applications that are suspected of being malicious. Even better, DSS is built in to our existing Duo Mobile application that you already use for your two-factor authentication!

DSS is available now as a technology preview for our enterprise customers. Additional features are forthcoming, including the ability to wrap authentication policy around DSS results.

For the rest of our users (and the general public), stay tuned as we have some even more exciting mobile security technology coming down the pipe for you!


Jon Oberheide
Co-Founder and CTO

Jon is the co-founder and CTO of Duo Security, responsible for leading product vision and the Duo Labs advanced research team. Before starting Duo, Jon was a self-loathing academic, completing his PhD at the University of Michigan in the realm of cloud security. In a prior life, Jon enjoyed offensive security research and generally hacking the planet. Jon was recently named to Forbes "30 under 30" list for his mobile security hijinks.


Free Guide

Security for an Age of Zero Trust

Think your organization is ready for the cloud and decentralized security? Download this white paper to learn why you may not be.


phishing (20)  two-factor-authentication (18)  security news (17)  healthcare security (16)  passwords (15)  weekly ink (13)  cloud security (12)  mobile security (11)  federal cybersecurity (10)  malware (10)  infosec-evolution (9)  rsac2015 (8)  banking security (8)  duo mobile (8)  retail data breaches (8)  stolen credentials (7)  financial data breach (7)  stolen-passwords (7)  data breaches (7)  financial institutions (6)  remote access security (6)  remote access attacks (6)  encryption (6)  pci dss (6)  ooba (6)  ios security (6)  2fa (6)  platform edition (5)  uk security (5)  webinar (5)  media security (5)  pos malware (5)  transaction-level 2fa (5)  atms (5)  higher education (5)  rig exploit kit (4)  security research (4)  third-party security (4)  hipaa (4)  data breach notification (4)  retail (4)  bank security (4)  ios (4)  healthcare cybersecurity (4)  2-factor-authentication (4)  vulnerability (4)  blackhat 2015 (4)  google (4)  healthit (4)  medical identity theft (4)  endpoint security (4)  defcon-23 (4)  retail data security (4)  security threats (4)  financial data security (4)  flash security (3)  retail data risks (3)  ssl (3)  critical infrastructure security (3)  social engineering (3)  manufacturing security (3)  law firm security (3)  otp bypass (3)  anthem (3)  out of band authentication (3)  cisco vpn (3)  duo-security-summit (3)  flash vulnerabilities (3)  ios vulnerabilities (3)  payment card breach (3)  target (3)  car security (3)  retail ebook (3)  health it (3)  windows security (3)  e-prescriptions (3)  byod (3)  home depot (3)  healthcare data breach (3)  strong-authentication (3)  stock market (3)  twitter (3)  defcon (3)  defense in depth (3)  outlook-web-app (3)  hipaa security rule (3)  two-factor (3)  iot security (3)  dyre trojan (3)  end-user authentication (3)  aws security (3)  ffiec (3) 

Duo is hiring!

View our open positions

Subscribe to our Newsletter

Get product updates, interesting content, and invitations to online and live events.