Skip navigation

Etsy

“We've had nothing but good experiences with Duo. It's one of those rare security companies that actually has great UX and it's fair to say that our userbase finds it extremely easy and that makes my life easier. If people find it easy to use then they'll actually use it and that means that I sleep a little bit better at night.”
— Rich Smith, Director of Security
“This is the brilliance of Duo - most people spend so little time interacting with it, as it's so quick and simple, that they barely know they're using it.”
— Ben Hughes, Network Security Manager
 

Highlights

Etsy is a global online marketplace for handmade and vintage goods

Needed to protect their remote access solution, log viewing systems, SSH and custom-developed internal systems

Chose Duo for slickness of the mobile app and hands-off enrollment process, making it easy on administrators

Etsy administrators also loved the JSON output and easy-to-use APIs

The Challenge

As a global online marketplace, specializing in handmade and vintage goods, Etsy is determined to redefine commerce by establishing a platform for users to sell, buy and rate artists’ work.

Single-factor authentication: The weak link

With trust and integrity as a key part of their community, Etsy can only keep their users safe if they keep their organization safe first. According to Etsy’s Network Security Manager, Ben Hughes, single-factor authentication has shown itself to be a weak link in the chain as attackers become increasingly more advanced in their methods.

The Solution

“Duo Security was the first company in this space to really grasp that ease of use and user experience are vital for people to actually use security solutions,” said Ben.

Frictionless and convenient authentication with Duo Mobile

Part of making that user experience painless includes using smartphones for authentication. While other two-factor solutions may force you to buy an expensive token that’s unreliable and clunky, Duo Security’s solution enables you to use something you already have and carry around - your smartphone.

Another reason they chose Duo Security was for Duo Mobile, our free mobile app that enables users to authenticate via push notification.

“Slickness of the application and the enrollment process are the two things that leapt out at me,” said Ben. “The latest iOS 7 application is beautiful and even easier to use than before.”

Deployment: Really easy and trouble-free

With well over 600 users spanning 4 different continents and nearly a dozen countries, Etsy uses Duo Security’s two-factor authentication solution to protect their remote access solution, log viewing systems, SSH and custom-developed internal systems, used by everyone at the company.

“Thankfully, due to the excellent documentation and all the code being available on GitHub, all the deployments have been really easy and trouble free,” said Ben.

Since Duo Security’s solution is cloud-based, there was virtually no installation required, and according to Ben, the management side has been extremely easy, especially since the introduction of Admin Push for sign-in.

Bulk user enrollment and usability eased administrator woes

Etsy used the bulk enroll option offered by Duo Security. According to Ben, this was the best option for Etsy as it sends an enrollment email to each user, allowing them to provision new users without even needing to know their phone number.

For their users, it was incredibly easy - they simply get an email to enroll on their first day of work, walk through the easy prompts to get signed up, and then they’re done.

“This is the brilliance of Duo - most people spend so little time interacting with it, as it's so quick and simple, that they barely know they're using it.”

For administrators, they loved the JSON output and easy-to-use APIs, as well as the simplicity of creating new integrations.

“Duo really feels like one of those systems that was, for once, made how you would make it,” said Ben. “[Duo Security] is a shining example of security done right for once, as they’re user-focused, with clarity over who they’re designing for, rather than just forcing security on people rashly.”

Ready to Get Started?

Try out Duo's Platform Edition for 30 days to get the full Trusted Access experience.