Search for blog posts, documentation, or pages

While our two-factor authentication platform is authenticator-agnostic at its core, supporting a wide range of authenticators from our cutting-edge Duo Push technology all the way to legacy hardware tokens, it is clear that our general approach towards two-factor has focused around the use of a mobile device as a secondary authenticator. These powerful, flexible, and increasingly ubiquitous mobile computing devices allow us to tackle the challenges of secure and usable two-factor authentication in innovative ways.

However, the use of a consumer mobile device as a secondary authenticator is not without its risks. We pride ourselves on being experts in the mobile security space and I will be the first one to tell you that these mobile platforms are not infallible and suffer similar risks of compromise as other software systems.

For many of our customers, the benefits of using mobile devices as authenticators hugely outweigh the risks. Making two-factor technology usable and accessible to a diverse user base allows the application of two-factor authentication to places where previously it may have been too costly or complex to deploy.

Duo Security Scan (DSS)

At Duo, we’re making it our mission to ensure that you can trust the device you’re using for two-factor authentication. As a first step in this process, we’re happy to announce the launch of our Duo Security Scan (DSS) service!

The DSS service allows you to scan your mobile device for malicious threats and remove any applications that are suspected of being malicious. Even better, DSS is built in to our existing Duo Mobile application that you already use for your two-factor authentication!

DSS is available now as a technology preview for our enterprise customers. Additional features are forthcoming, including the ability to wrap authentication policy around DSS results.

For the rest of our users (and the general public), stay tuned as we have some even more exciting mobile security technology coming down the pipe for you!


Jon Oberheide
Co-Founder and CTO

Jon is the co-founder and CTO of Duo Security, responsible for leading product vision and the Duo Labs advanced research team. Before starting Duo, Jon was a self-loathing academic, completing his PhD at the University of Michigan in the realm of cloud security. In a prior life, Jon enjoyed offensive security research and generally hacking the planet. Jon was recently named to Forbes "30 under 30" list for his mobile security hijinks.


Free Guide

Security for an Age of Zero Trust

Think your organization is ready for the cloud and decentralized security? Download this white paper to learn why you may not be.


phishing (20)  security news (17)  two-factor-authentication (16)  healthcare security (16)  passwords (15)  weekly ink (13)  federal cybersecurity (10)  malware (10)  cloud security (10)  infosec-evolution (9)  rsac2015 (8)  retail data breaches (8)  banking security (8)  duo mobile (7)  data breaches (7)  stolen-passwords (7)  financial data breach (7)  2fa (6)  mobile security (6)  stolen credentials (6)  ooba (6)  financial institutions (6)  pci dss (6)  encryption (5)  transaction-level 2fa (5)  remote access security (5)  webinar (5)  atms (5)  healthcare cybersecurity (5)  healthit (5)  security threats (4)  bank security (4)  third-party security (4)  financial data security (4)  2-factor-authentication (4)  pos malware (4)  vulnerability (4)  data breach notification (4)  retail (4)  defcon-23 (4)  rig exploit kit (4)  platform edition (4)  hipaa (4)  retail data security (4)  blackhat 2015 (4)  google (4)  remote access attacks (4)  medical identity theft (4)  healthcare data breach (3)  security research (3)  defense in depth (3)  e-prescriptions (3)  retail data risks (3)  duo-security-summit (3)  home depot (3)  ehr (3)  byod (3)  retail ebook (3)  hipaa security rule (3)  higher education (3)  two-factor (3)  manufacturing security (3)  critical infrastructure security (3)  ffiec (3)  law firm security (3)  otp bypass (3)  media security (3)  payment card breach (3)  strong-authentication (3)  dyre trojan (3)  uk security (3)  car security (3)  end-user authentication (3)  defcon (3)  iot security (3)  ssl (3)  social engineering (3)  target (3)  health it (3)  twitter (3)  anthem (3) 

Duo is hiring!

View our open positions

Subscribe to our Newsletter

Get product updates, interesting content, and invitations to online and live events.