Skip navigation
Two-Factor Authentication Methods

Support Every User

Authenticate anywhere, anytime, with any device using Duo’s options for two-factor authentication methods. Two-factor authentication lets you verify your users’ identities before they log in to protect against phishing and other identity-related attacks.


Universal 2nd Factor (U2F) allows users to tap a USB device to log into their accounts securely. The device protects private keys with a tamper-proof secure element (SE).

Learn More About U2F

Phone Callback

No texts? No problem. Duo will call your cell phone, landline or car phone. All you need to do is answer and press a key to quickly authenticate.

Learn More About Phone Callback


Duo uses HOTP to generate codes for all application integrations. Duo Mobile also generates time-based one-time passcodes (TOTP) for third-party sites that support it.

Learn More About TOTP

Duo Push

Secure Two-Factor Authentication

Duo Push lets you quickly approve login requests via your smartphone and smartwatch using the Duo Mobile app. Just tap “Approve” and you’re in.

We strongly recommend using Duo Push as your second factor, a more secure method that can protect against man-in-the-middle (MITM) attacks. Duo Push is resilient against credential-stealing attacks, including bypasses of one-time passwords.

Learn More About Duo Push

Security Tokens

We support all OATH HOTP-compatible tokens and YubiKeys for users that still need to use physical hardware tokens.

Learn More About Security Tokens

SMS Passcodes

No Internet? No problem. Receive passcodes on your phone by text message, and authenticate by typing them into your secondary login prompt.

Learn More About SMS Passcodes

Bypass Codes

We provide bypass codes, useful for lost devices or to provide temporary, single, event or time-based access for contractors.

Learn More About Bypass Codes

  • “The thing that I personally love about Duo is, the interface is absolutely slick. You just can’t beat the fact that it’s one touch, one button, one press.”

    — Paul Pieralde, Principal Product Security Engineer, Eventbrite
  • “It has been very easy to direct users to download and use the Duo-Push phone app. Management is easy using Duo’s web interface and we can gain insights into usage with the reporting tools.”

    — Joe Menendez, Senior Developer, DataComm Networks Incorporated

Ready to Get Started?

Try out Duo Access for 30 days to get the complete Unified Access Security experience.