Easier, More Effective MFA for ALL: The Duo Universal Prompt Project
A long time ago, in, well, this galaxy...
Since the earliest days of Duo, we’ve been energized by a core mission: To democratize security. That means designing tools to protect users that they actually want to use. After all, security that no one uses isn’t worth much.
We’ve grown a lot as a company since then, and so has the web — and the technical standards we use to build our tools. As we plan for the future, we’re excited to announce a major initiative that will make the Duo authentication experience even easier and more effective for everyone.
But first, why are we changing at all?
Security tools are consistently viewed as friction points. Traditionally, if a solution sought to improve security, that improvement came with more rigidity and complexity.
And when security tools don’t adapt and evolve, they quickly lose value and become harder to integrate into modern environments. Such tools tend to break when new web and application standards are introduced, and often instigate a pile of help desk tickets when the workforce rejects a now outdated or cumbersome user experience.
At Duo, we plan to solve these problems with our new initiative, called the Universal Prompt Project.
The Universal Prompt Project
Okay, but what does that mean?
The Universal Prompt Project is a major technical and UX redesign of core Duo functionality, focusing on our web-based second-factor authentication prompt.
Today, we’re providing the first look at this initiative, which will roll out in phases beginning in August 2020 and continue over the next 18 to 24 months. Throughout the project, there will be opportunities to preview and test the product changes, and your participation will help shape what we deliver.
This Project Will Deliver Three Key Changes to Duo’s Product:
A redesign of our web-based authentication prompt, called the Duo Universal Prompt.
An upgrade to the Duo Web SDK that provides a new mechanism for delivering the prompt to both Duo-developed and partner-built software integrations — without the iFrame.
A redesigned Duo Mobile application that builds upon the improved user experience of the Universal Prompt.
The Duo Universal Prompt Project Is Guided by Three Key Tenets
Ease of Use
Let’s take a look at each of these broad themes, and then review where we’re going next with this project.
When Duo was founded, we built our prompt on the iFrame. At the time, it was the best way to deliver a multi-factor authentication (MFA) prompt in front of a variety of on-prem and cloud applications. Since then, the industry has evolved and there are better open standards to reliably and effectively insert an MFA prompt into an authentication flow. Meanwhile, the controls and limitations around iFrames have grown. Moving away from an iFrame-based implementation also offers more flexibility and agility as we continue to improve our security practice and user experience.
Over the past 18 months, as we reimagined the technical underpinnings of how we deliver the authentication prompt, we also studied how the authentication experience itself can play a stronger role in educating end-users about security hygiene.
Through extensive user testing, we settled on a handful of changes to the user experience of authenticating via the prompt and Duo Mobile that our research shows will improve users’ trust in MFA and increase adoption of more secure authentication methods such as Push and WebAuthn.
All of these changes add up to a better and more secure experience for end-users as we build on the success of the original Duo Prompt.
Ease of Use for Everyone
Duo is already the most flexible MFA solution, and we've simplified the experience even further. The new Universal Prompt is more adaptive and contextually aware, displaying the best available auth method based on end-user behavior and system capabilities. Onboarding end-users to Duo will also be made even easier via new instructional and educational features, as well as overall usability improvements to the enrollment flow.
Moreover, security for everyone needs to include everyone. That includes people with disabilities, and people using assistive technologies. From day one, we have worked hard to ensure that the Universal Prompt and the redesigned Duo Mobile are accessible and easy to use for all.
The needs of large technology partners and global enterprises are also at the heart of design decisions driving the Universal Prompt Project.
Both the Universal Prompt and the mobile app will expand language support, introduce better help desk contact info, and allow organizations to customize specific branding elements to provide a more seamless, comprehensible, and trustworthy experience for end-users.
We’ve got a lot more to tell you about the Universal Prompt Project, so look for regular blog updates as we delve into more detail on each component of this project.
As we get closer to making these changes generally available, we will provide guidance on planning your migration to the Universal Prompt, including:
Communications templates for your organization and end-users
Updated documentation and Duo Knowledge Base articles
Tools in the Duo Admin Panel to track your progress
Try Duo For Free
With our free 30-day trial you can see how easy it is to get started with Duo and secure your workforce, from anywhere and on any device.