Eventbrite has processed more than two billion dollars worth of tickets, as well as hosting millions of events on their platform since 2006. As a major online ticket marketplace, the security of Eventbrite’s assets and users’ information is top of mind for Eventbrite’s security team.
The company was concerned about a variety of security issues, including threats to the company, integrations within the user base and the security of monetary transactions between companies.
Two-factor authentication for PCI DSS
Eventbrite was seeking two-factor authentication for two main reasons:
- Two-factor authentication for remote access is mandated as a requirement for PCI DSS compliance, a set of data security regulations for all retail and e-commerce companies.
- They realized other companies were getting breached because they didn’t have two-factor authentication.
They knew that employees often chose weak passwords, and frequently reused the same passwords across different sites.
As a result, they realized that passwords just weren’t enough to protect the assets that Eventbrite has in its possession, including the tools and infrastructure used to administer their site on behalf of their users.
Eventbrite was seeking out a variety of two-factor authentication solutions to protect remote logins, for example, their SSH access to production systems.
That’s where Duo came in: “Duo is unique in that it allows us to not only protect our website, but to protect our SSH connections and a wide variety of other assets as well,” said Eventbrite Principal Product Security Engineer, Paul Pieralde.
Slick user interface
While lots of other solutions involved typing passcodes or other processes that felt clunky or like old technology, Duo Security’s two-factor solution simplified the process and provided ease of use for Eventbrite’s employees.
“The thing that I personally love about Duo is, the interface is absolutely slick. You just can’t beat the fact that it’s one touch, one button, one press.”
In order to ensure the two-factor project was a success, Paul had to make it as easy as possible with the least amount of impact to their users’ day-to-day operations - he knew that Duo had the technology to do that.
2FA is in our DNA: Strong roots in security
Paul also stated that the reputation of the founders precedes them, as Duo Security’s co-founders have a very strong industry reputation and security presence.
“Knowing that Dug and Jon were behind the scenes architecting and orchestrating the company was really reassuring.”
Duo did the work for them
When they first deployed, they started with a few people enrolled with Duo as test subject, then enrolled a few more. But each time, they had to ask their operations team to make a change to their production servers, making it a hassle.
“I then realized that Duo could actually do all the work for me - which is great - so I just enrolled everybody through the APIs.”
Paul’s high level of confidence in Duo’s deployment led him to make the switch at 4:30 in the afternoon. “At some point, I changed every single employee to be enabled, and then I went off to have a beer - it was great. And nobody called me.”
Friction-free & highly versatile
Eventbrite has made it their passion and mission to make a very easy-to-use product that serves a wide variety of people. With Duo’s two-factor solution, Eventbrite can take advantage of our frictionless design, interface and ease of integration.
They can also serve a multitude of different users in different scenarios, allowing the ability to use passcodes when traveling without phones. Or, if users forget their phone at home, they can use their desk phones to authenticate via callback through an admin console.
“Like all great security products - they should silently fall away into the background. You shouldn’t ever see a good security product, and that’s what we see with Duo.”