Skip navigation
Blog hero with text that reads:
Product & Engineering

Badge Integration With Cisco Duo Delivers Unique, Hardware-less MFA Experience

Multi-factor authentication (MFA) has become a security staple, almost as ubiquitous in our daily lives as a morning cup of coffee. In the last year, more than 16 billion authentications have been handled by Duo. MFA is an important security tool to combat unauthorized account access. However, it is not foolproof. Traditional hardware-based MFA is high friction and imposes limitations that can be frustrating at best and increase risk surface at worst, such as through MFA fatigue and account recovery processes. We are excited to share with you a new Duo Technology Partner Badge, and Badge’s unique integration with Duo that provides the first-hardware independent roaming MFA.

Many Duo authentications are for securing virtual infrastructures like cloud environments, or remote access systems, workstation hopping and restricting unknown and out-of-date devices from accessing applications and networks. Requesting access multiple times a day is commonplace in the day-to-day workflow of users, including billions of frontline workers worldwide. Some MFA methods can disrupt operations, and the resulting employee workarounds significantly increase the opportunity for security breaches during the authentication process. Worse, when users are in device-not-present situations — like when a mobile phone required for an MFA push is lost, broken, or unavailable — the fallback is usually a phishable, high-friction account recovery process. Not only is this bad for the user experience, but it’s bad for security too, since account recovery is increasingly becoming the front door for attackers and phishing. We’ve seen this fallback to account recovery as an increasing vector for fraud, such as with recent high-profile attacks in healthcare and entertainment targeting large companies

Badge's novel, privacy-preserving authentication enables Duo users to authenticate passwordlessly from any device without requiring the user to have previously registered on that device. This eliminates the need for Duo users to fallback to account recovery or redirect to a phone or token each time they need to authenticate. Badge seamlessly enables enterprise authentication across applications from multiple devices, all from a single enrollment. Badge helps Duo strengthen its security posture with a seamless MFA experience that's both portable and resistant to phishing, while also enabling a truly passwordless user experience.

“Badge not only streamlines access across applications and devices but crucially reduces the risk of phishing attacks or credential exposure, making it an indispensable tool for maintaining the integrity of secure environments. Badge is excited to partner with Cisco Duo to bring this important security and user experience benefit to Duo users.” — Dr. Tina P. Srivastava, Co-Founder of Badge

Moving the trust anchor

MFA works by relying on a device or a token as the trust anchor, which means that users need to have their device or token with them — and in working order — at all times to authenticate. This reliance on specific hardware, called device dependency, is a pain for user experience and impacts security when users are forced into fallback authentication flows. With Badge, the device dependency is gone — people are their own roots of trust, rather than just a device or token.

Badge offers a cost-saving solution to help reduce friction and enable seamless, passwordless enrollment using verified credentials (VCs). Badge leverages the initial Identity Verification (IDV) enrollment, and from there the user can authenticate to access this credential anywhere, anytime, on any device. No need for repeat IDVs throughout the user lifetime journey. This saves money and user frustration.

In addition to simplifying the enrollment process, Duo can also operate as a certified passkey provider leveraging Badge, extending the passwordless capabilities of Duo. Unlike other passkey models, the Badge integration with Duo does not require users to cede trust of their key trees or login credentials to a centralized authority. Instead, Duo users leveraging the Badge passkey implementation benefit from a trust model where users can establish key provenance and maintain control over their authentication keys, enhancing security and privacy. Again, with Badge, users enroll once, and may access their passkeys on any device (including across Apple, Microsoft and Google ecosystems).

By addressing the dual challenges of security and user experience, while reducing costs to the enterprise, Duo and Badge are setting new standards for what’s possible in secure, efficient, and user-friendly identity and authentication solutions.

To learn more about Badge’s integration with Duo, check out our technology partners page or watch a short demo.

Want to learn more about Badge? Contact the Badge sales team today.