Features

Self-enrollment

Self-Enrollment

Managing user accounts can be one of the most frustrating and time-consuming aspects of deploying two-factor authentication. Duo makes deployment easy by letting users enroll themselves, register their own phones, and install the Duo Mobile application. For VPN and web integrations, this all happens without your users ever having to leave your site. This self-enrollment process is designed for simplicity and ease-of-use, and our customers report that it reduces the support and training burden on both IT and help desk staff.

Deploying two-factor authentication has traditionally been expensive and time-consuming — there is hardware to install, tokens to distribute, and user accounts to create. Duo Security lowers this barrier and expedites deployment with self-service enrollment.

In addition, administrators can add, remove, and modify users using Duo’s web-based administrative interface. If you already have your users’ phone numbers, Duo Security’s support staff can save you and your users time by importing them in batch.

Choice of Authentication Methods

You don’t have to tell your users how to authenticate — they can choose for themselves. Users are given a choice of device and authentication method each time they log in. Duo allows for choice and flexibility, creating an authentication solution that works for everyone in your organization.

Authentication methods

Duo supports all phone types — from smart phones (on all platforms) to landlines — and lets users authenticate with or without cell service. Duo Security also supports hardware tokens for users who prefer them.

More about authentication methods »

Interactive status messages

Live Feedback

Users get confused and worried when a page appears to “hang” and stop responding during login. Duo provides live-updating status messages to show users the authentication status (“Dialing…”, “Login request pushed to your phone…”, “Press any key”, etc.) or report any errors (“No answer, please try again”).

Clearly showing the authentication process reduces user confusion and corresponding support desk call volume. Showing live feedback is one of the many things that Duo Security does to ensure the best experience for your users.

Duo Security's administrative interface

Powerful User Management

Duo Security’s web-based administrative interface lets you easily revoke credentials, disable users, and audit access by users and groups. Administrators can automatically lock out users after a specified number of invalid logins, and get real-time fraud alerts when users report potentially fraudulent logins via phone callback, Duo Push, or passcode replays.

One-time-use bypass codes can be generated for users — these codes expire after an administrator-defined time to prevent their misuse. Users enter bypass codes into the normal passcode box.

The administrative interface also allows for customization of the service: everything from voice prompts to caller ID to SMS batch sizes and expiration can be customized for your organization.

Secure by design

Secure by Design

Duo Security takes security, reliability, and privacy very seriously. The service operates completely independently from primary authentication, which mean that Duo never sees your users’ passwords or any personally identifying information. Duo is hosted by PCI DSS Level 1- and ISO 27001‑certified, SAS70 Type II‑audited service providers, across multiple geographic regions and independent power grids.

More security information »