“After Duo was added, no more accounts were compromised.”
— Don Winsor, DCO Coordinator & Adjunct Professor
Need: Stop account takeover and reduce the impact of users with weak passwords.
Integrations: Unix servers, Windows computers, and web applications.
Users: Faculty and staff
The Departmental Computing Organization (DCO) provides computing support to faculty, staff, and students within the Electrical Engineering and Computer Science (EECS) department at the University of Michigan. They pride themselves on keeping all departmental computing services highly available and on providing effective solutions to their own customers. When they needed to protect their internal network and systems from account takeover and hacks, they chose Duo Security.
The EECS servers were regularly being targeted and compromised. Even with a highly computer-literate and security-conscious workforce, admin account passwords were the weak link. To combat account takeover, DCO decided to implement two-factor authentication. They could have built their own two-factor platform or used a token-based solution available at the University of Michigan, but they chose Duo Security for its ease of deployment, simplicity of use, and cost-effectiveness.
Many other solutions require costly hardware with complicated setups. Duo's cloud-based solution meant DCO only needed to add a few lines of Duo-provided code to their existing servers and web applications to integrate Duo into their login flows. Duo's web APIs allowed them to quickly add Duo to their custom-built applications as well.
Users will rebel against even mandatory systems if they're too difficult or cumbersome to use. Duo allows users to authenticate in whatever way is most convenient for them — from one touch with Duo Push, to passcodes, to callbacks, to tokens — and DCO uses them all. The convenience factor has been huge for them over a solely token-based system.
DCO was live on Duo in under two weeks and is now protecting DCO's network of over 60 Unix and Windows servers and internal web applications. Integrating Duo into their servers was trouble-free and they were able to quickly build integrations to their custom applications. Most importantly: no more accounts have been compromised since Duo was deployed.