Search for blog posts, documentation, or pages

Why Two-Factor?

Combine something you know with something you have to reliably confirm your identity.

Many organizations protect local and remote logins with a simple username and password. Entering these two pieces of information grants access to company databases, email accounts, and other sensitive information. But passwords are notoriously insecure. Many users choose weak passwords which can be easily guessed or cracked. Phishing attacks trick people daily into revealing their passwords, and users on unsecured networks (e.g. at coffee shops) can have their passwords sniffed. Malicious viruses and spyware can capture passwords and send them over the network to attackers.

Furthermore, it’s impossible to tell who has access to your users’ accounts, or even if anyone is accessing them illicitly. In the past year alone, attackers have compromised Sony, HBGary, and Gawker (and many more) by simply gaining knowledge of users’ passwords.

Clearly passwords are not enough for protecting important logins.

Use Two-Factor Authentication

The most practical way to strengthen authentication is to require a second factor after the username/password stage. Since a password is something that a user knows, ensuring that the user also has something thwarts attackers that steal or gain access to passwords.

Traditional two-factor authentication solutions use hardware tokens (or “fobs”) that users carry on their keychains. These tokens generate one-time passwords for the second stage of the login process. However, hardware tokens can cost up to $125 each. It takes time and effort to distribute them, track who has which one, and replace them when they break. They’re easy to lose, hard to use, and users consistently report high levels of frustration with token-based systems.

Your Phone is Your Token

Duo leverages the mobile phone as the second factor. It’s a device that people already have, know how to use, and notice when it’s missing. Using an existing device reduces deployment and training costs, and improves the end-user experience of the entire system. Duo Security works with all phone types, from landlines to smartphone platforms. In the simplest case, users just answer a phone call and press a button to authenticate. Duo Security works internationally, and has customers authenticating from 42 countries around the world.

Read more about Duo’s solution