Single-factor authentication: The weak link
With trust and integrity as a key part of their community, Etsy can only keep their users safe if they keep their organization safe first. According to Etsy’s Network Security Manager, Ben Hughes, single-factor authentication has shown itself to be a weak link in the chain as attackers become increasingly more advanced in their methods.
“Duo Security was the first company in this space to really grasp that ease of use and user experience are vital for people to actually use security solutions,” said Ben.
Frictionless and convenient authentication with Duo Mobile
Part of making that user experience painless includes using smartphones for authentication. While other two-factor solutions may force you to buy an expensive token that’s unreliable and clunky, Duo Security’s solution enables you to use something you already have and carry around - your smartphone.
Another reason they chose Duo Security was for Duo Mobile, our free mobile app that enables users to authenticate via push notification.
“Slickness of the application and the enrollment process are the two things that leapt out at me,” said Ben. “The latest iOS 7 application is beautiful and even easier to use than before.”
Deployment: Really easy and trouble-free
With well over 600 users spanning 4 different continents and nearly a dozen countries, Etsy uses Duo Security’s two-factor authentication solution to protect their remote access solution, log viewing systems, SSH and custom-developed internal systems, used by everyone at the company.
“Thankfully, due to the excellent documentation and all the code being available on GitHub, all the deployments have been really easy and trouble free,” said Ben.
Since Duo Security’s solution is cloud-based, there was virtually no installation required, and according to Ben, the management side has been extremely easy, especially since the introduction of Admin Push for sign-in.
Bulk user enrollment and usability eased administrator woes
Etsy used the bulk enroll option offered by Duo Security. According to Ben, this was the best option for Etsy as it sends an enrollment email to each user, allowing them to provision new users without even needing to know their phone number.
For their users, it was incredibly easy - they simply get an email to enroll on their first day of work, walk through the easy prompts to get signed up, and then they’re done.
“This is the brilliance of Duo - most people spend so little time interacting with it, as it's so quick and simple, that they barely know they're using it.”
For administrators, they loved the JSON output and easy-to-use APIs, as well as the simplicity of creating new integrations.
“Duo really feels like one of those systems that was, for once, made how you would make it,” said Ben. “[Duo Security] is a shining example of security done right for once, as they’re user-focused, with clarity over who they’re designing for, rather than just forcing security on people rashly.”