Two-factor authentication strengthens access security by requiring two methods (also referred to as factors) to verify your identity. These factors can include something you know, like a username and password, plus something you have, like a smartphone app to approve authentication requests.
Two-factor authentication protects against phishing, social engineering and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.
About 63% of confirmed data breaches involved weak, default or stolen passwords.
-- Source: Verizon 2016 Data Breach Investigations Report
We know the most effective security solution is one your users actually use.
Duo’s two-factor authentication solution only requires your users to carry one device - their smartphone, with the Duo Mobile app installed on it. Duo Mobile is available for iPhones, Androids and many more.
Logging in via push notification is fast and easy with Duo Mobile. We strongly recommend using Duo Push as your second factor, a more secure method that can protect against man-in-the-middle (MITM) attacks.
We also support many different authentication methods to fit the unique needs of your diverse user base.
Our simple and secure single sign-on is the easiest way for your users to access all of their cloud applications by logging in once to a web portal.
We collect data on every authentication request to your applications so you can make informed security policy decisions. With information on your users, devices and their authentication activity, you can get complete visibility into who’s accessing what.
Duo’s User Access Policies allow you to limit access for specific user groups to strengthen your security profile, e.g., block login attempts from countries you don't do business in, or block users on anonymous networks.
As Duo verifies your users’ identities, we also check their devices to ensure they’re healthy and up to date before allowing them access to your applications.
Verify your identity by approving a push notification from an authentication mobile app on your smartphone or wearable.
Using a hardware token, you can press a button to verify. This device is programmed to generate a passcode that you must type into your two-factor prompt.
A unique passcode is sent to your phone via SMS that you must type into your two-factor prompt.
This method calls your phone and waits for you to pick up and press any key to authenticate before granting you access to your account.
Similar to SMS, an authentication app can generate new, unique passcodes for you to type into the two-factor prompt. These are known as time-based one-time passcodes (TOTP).
Universal 2nd Factor (U2F) is an authentication standard that uses an authenticator (a USB hardware device) and a server. A user authenticates by tapping the device inserted into their computer’s USB port.
Out-of-band authentication refers to conducting two-factor authentication over a different, separate network or channel than the primary network or channel. So, let’s say you use a username and password to complete the primary authentication; that’s sent over the Internet (the primary network).
You’ll want to use a different channel to complete your second factor. Approving a push notification sent over your mobile network is an example of out-of-band authentication.
Why does it matter? If a remote attacker is able to tap into your computer via your Internet connection, they can steal your password and, if it is delivered over the same channel, your second form of authentication.
Two-factor authentication is one of the best ways to protect against remote attacks such as phishing, credential exploitation and other attempts to take over your accounts.
Without your physical device, remote attackers can’t pretend to be you in order to gain unauthorized access to corporate networks, cloud storage, financial information, etc. stored in applications.
When you integrate two-factor authentication with your applications, attackers are unable to access your accounts without possessing the physical device needed to complete the second factor.
Gain insight on concrete criteria for evaluating technologies and vendors with Duo Security’s Two-Factor Evaluation Guide.
“Duo Security has been used to secure some of the most valuable and security sensitive systems in our environment (e.g. VPN, domain controller access, password vault access, etc.). The level of security Duo brings to those systems outweighs any alternative solution we have investigated to date.”
“Duo’s easy for end-users to use. It’s easy for IT employees to manage. That combination makes it a great option for our needs.”