Skip navigation

University of Michigan Departmental Computing Organization

“After Duo was added, no more accounts were compromised.”
— Don Winsor, DCO Coordinator & Adjunct Professor

Highlights

Need: Stop account takeover and reduce the impact of users with weak passwords.

Integrations: Unix servers, Windows computers, and web applications.

Users: Faculty and staff

Who Do the Go-To Guys Go to for Security?

The Departmental Computing Organization (DCO) provides computing support to faculty, staff, and students within the Electrical Engineering and Computer Science (EECS) department at the University of Michigan. They pride themselves on keeping all departmental computing services highly available and on providing effective solutions to their own customers. When they needed to protect their internal network and systems from account takeover and hacks, they chose Duo Security.

Passwords Are the Weakest Link

The EECS servers were regularly being targeted and compromised. Even with a highly computer-literate and security-conscious workforce, admin account passwords were the weak link. To combat account takeover, DCO decided to implement two-factor authentication. They could have built their own two-factor platform or used a token-based solution available at the University of Michigan, but they chose Duo Security for its ease of deployment, simplicity of use, and cost-effectiveness.

Integration Doesn't Need to Be Complicated

Many other solutions require costly hardware with complicated setups. Duo's cloud-based solution meant DCO only needed to add a few lines of Duo-provided code to their existing servers and web applications to integrate Duo into their login flows. Duo's web APIs allowed them to quickly add Duo to their custom-built applications as well.

Make It Easy to Use and They Will Use It

Users will rebel against even mandatory systems if they're too difficult or cumbersome to use. Duo allows users to authenticate in whatever way is most convenient for them — from one touch with Duo Push, to passcodes, to callbacks, to tokens — and DCO uses them all. The convenience factor has been huge for them over a solely token-based system.

The Results: Zero Breaches

DCO was live on Duo in under two weeks and is now protecting DCO's network of over 60 Unix and Windows servers and internal web applications. Integrating Duo into their servers was trouble-free and they were able to quickly build integrations to their custom applications. Most importantly: no more accounts have been compromised since Duo was deployed.

Ready to Get Started?

Try out Duo Access for 30 days to get the full Trusted Access experience.