Making Duo Even Easier: Improving UX With the Universal Prompt Project
As verifying our identity becomes a more fundamental and frequent part of our regular online experience, ease of use becomes paramount. First, it can change how we see the role of security in our lives.
Ease of use can potentially save hundreds, if not thousands of hours for a given organization.
In fact, a recent study of 2FA implementation found that last year, the time spent verifying identity was more than 29,000 hours for the University of Illinois at Urbana Champaign, and 35,000 hours for the University of California, Berkeley
Beyond our personal experience, making two-factor authentication easier can also impact the overall productivity of our company or organization.
"If we make “the right thing to do the easy thing to do,” then staying safe online can be a positive part of our regular routine." — Sally Carson, Duo Design Leader.
Fundamentally Redesigning Duo
We recently announced the Universal Prompt Project, an extensive redesign to Duo’s core authentication product. It is part of our mission to combine the most secure with the most user friendly experiences, making online safety feel as easy as possible.
Today we’ll be taking a deeper look at one of the project's core pillars — ease of use — and examining how we’re making the Universal Prompt and Duo Mobile app a more seamless experience for our users.
An Easier Prompt Experience
Over the last two years, we’ve been extensively researching how our users (internally, we use a persona named Lee) normally login and experience the Duo Prompt. Our interviews and usability tests revealed a few key areas that, together, could have a huge impact on improving its ease of use.
Last Used Method
Our research shows that most Duo users only use a single authentication method — a Duo Push, text message, and so on — when logging in. However, the current Duo Prompt displays a bunch of options every time, even if you only ever choose one.
To speed up the experience, our new Universal Prompt will display your last used authentication method whenever you login, saving you a click and making the experience even faster.
Pick your favorite option, and it automatically displays the next time.
Auto-Push Notifications
Duo Push is by far the most popular method for 2FA, representing over 45% of Duo’s identity verifications worldwide. It’s already one of the easiest methods, allowing you to tap a single button that sends a push notification straight to your phone, to approve or deny. During the redesign process, though, we challenged ourselves to ask — how might we make receiving a Duo Push even easier?
One feature that we’re actively testing for the Universal Prompt is having auto-push set as the default behavior, so at the moment you need to verify your identity, a push notification is already available on your phone.
Simply check your phone and tap to approve
Remember Me
The Duo Prompt has an awesome feature called “Remember Me” that allows you to trust your browser and thus bypass 2FA in the future, saving lots of time and energy. In our user research, however, we discovered that the “Remember Me” checkbox was relatively easy to miss, and buried underneath a few other options that made it hard to distinguish on the screen.
With the new Universal Prompt, there’s a more visible call to “Remember Me” that makes it easier to discover, select, and save. Now you can more easily remember your browser and save time logging in when visiting the prompt in the future.
We’re actively A/B testing a few variants to determine what can save the most time, for both you and your organization.
Easily remember a session and bypass 2FA in the future
An Easier Mobile Experience
Guiding Users Along the Way
As mentioned earlier, Duo Push is by far the most popular option with end-users to verify their identity. The onboarding experience is pivotal because it is the very first impression a user has with a product. This is the critical moment to educate and build trust with a user. In user research, we observed users onboarding to use Duo Push for the first time, and took note of where and when the process might be simplified and improved.
The new onboarding experience will provide security education along the way and allows users to practice when to deny or approve a Duo Push. In testing, we've found a dramatic increase in Duo Mobile's ease of use score. This means that users feel more confident about their Duo Push onboarding experience, and they are enabled to set up Duo without needing IT admin support.
Educating end-users during onboarding
Designing For All Types of Users
The Mobile experience is also updating to a modern card-based approach for organizing accounts. We know from usage data that Mobile end-users range from having one account to having 4 or more. And from power user feedback, we heard how cumbersome it is to scroll through many accounts and recognize the difference between them. To address this, the new card design enables similar types of accounts to be grouped together without complicating things for users with only one or two accounts.
In addition to a new card base layout, we updated how to manage each account. In user research, we found it was difficult to locate how to do this in today's app. Now, this functionality has moved to the top right-hand corner of each account, which drastically improved discoverability in usability testing.
New card based design to support multiple accounts
Conclusion
Ease of use is important, especially as verifying our identity becomes a more fundamental and frequent part of our regular online experience. It can change how we see the role of security in our lives, and help large groups save thousands of hours for their people.
As Duo continues to scale with the Universal Prompt Project, one of biggest — and most rewarding — challenges has been to keep radical simplicity at the heart of everything we do.
“The true enemy of security is complexity. The most important thing we can do to stay safe is simplify and get the basics right.” — Dug Song, general manager of Cisco Zero Trust and Duo Security
What’s Next?
We’ve got a lot more to tell you about the Universal Prompt Project, so look for regular blog updates as we delve into more detail on each component of this project.
As we get closer to making these changes generally available, we will provide guidance on planning your migration to the Universal Prompt, including:
Communications templates for your organization and end-users
Updated documentation and Duo Knowledge Base articles
Tools in the Duo Admin Panel to track your progress
Try Duo For Free
With our free 30-day trial you can see how easy it is to get started with Duo and secure your workforce, from anywhere and on any device.