What is Two-Factor Authentication (2FA)?
Two-factor authentication (2FA) strengthens access security by requiring two methods (also referred to as factors) to verify your identity. These factors can include something you know – like a username and password, plus something you have – like a smartphone app to approve authentication requests.
2FA protects against phishing, social engineering and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.
About 63% of confirmed data breaches involved weak, default or stolen passwords.
— Source: Verizon 2016 Data Breach Investigations Report
Duo Mobile. Secure Two-Factor Authentication App
Secure access to work and personal, cloud and on-premises apps with one simple app – Duo Mobile.
Easy, One-Tap Authentication
Logging in securely is fast and easy with Duo Push, the more secure method of two-factor authentication supported by Duo Mobile. Users quickly verify their identity by approving push notifications before accessing applications. They can easily stop fraudulent attempts to access company data by tapping the deny button.
Duo Mobile can also generate time-based one-time (TOTP) passcodes that users can type into their login prompt to complete the two-factor authentication process.
Duo Restore
Provide your users the ability to backup and restore their Duo Mobile app with Duo Restore. Enable Android and iOS Duo Mobile users to back up their Duo-protected accounts and recover them when they get a new device – no help desk ticket needed. Learn more about Duo Restore.
Security Checkup
Security Checkup is available on iOS and Android through Duo Mobile. By providing a security score of users’ devices, this feature empowers users to maintain the security hygiene of their mobile devices via Duo Mobile notifications. Learn more about Security Checkup.
Download Duo Mobile
Duo Mobile works on every device – including smartwatches. Use your Apple Watch to receive login requests on your wrist, and authenticate on your iPhone, iPad or Apple Watch. Duo Mobile for iOS also supports Touch ID, an additional layer of security to verify your users’ identities.
Duo Mobile works with Apple iOS, Google Android, Palm, Windows Phone 7, Windows Mobile 8.1 and 10, and J2ME/Symbian. Download Duo Mobile for iPhone or Duo Mobile for Android – they both support Duo Push, passcodes and third-party TOTP accounts.
Security Designed for People
We know the most effective security solution is one your users actually use.
Duo’s 2FA solution only requires your users to carry one device – their smartphone, with the Duo Mobile app installed on it. Duo Mobile is available for iPhones, Androids and many more.
Logging in via push notification is fast and easy with Duo Mobile. We strongly recommend using Duo Push or U2F as your second factor, a more secure method that can protect against man-in-the-middle (MITM) attacks. Duo also support many different authentication methods to fit the unique needs of your diverse user base.
Easy, Effective and Secure
To ensure every point of access is protected, Duo’s Trusted Access solution easily integrates with on-premises, web-based and cloud-based applications.
Duo’s simple and secure single sign-on is the easiest way for your users to access all of their cloud applications by logging in once to a web portal.
User Access Policies
Duo collects data on every authentication request to your applications so you can make informed security policy decisions. With information on your users, devices and their authentication activity, you can get complete visibility into who’s accessing what.
Duo’s User Access Policies allow you to limit access per certain user groups to strengthen your security profile – e.g., block login attempts from countries you don’t do business in, or block users on anonymous networks.
Trusted Access
As Duo verifies your users’ identities, we also check their devices to ensure they’re healthy and up to date before allowing them access to your applications.
Two-factor authentication (2FA) is only one key step in this comprehensive approach to security – Trusted Access is the complete solution that includes Trusted Devices to protect Every Application.
Two-Factor Authentication Methods
Each two-factor authentication (2FA) method has their own advantages and disadvantages for different types of users.
Push Notifications
Verify your identity by approving a push notification from an authentication mobile app on your smartphone or wearable.
Security Tokens
Using a hardware token, you can press a button to verify. This device is programmed to generate a passcode that you must type into your two-factor prompt.
SMS Passcodes
A unique passcode is sent to your phone via SMS that you must type into your two-factor prompt.
Phone Callbacks
This method calls your phone and waits for you to pick up and press any key to authenticate before granting you access to your account.
TOTP
Similar to SMS, a two-factor authentication app can generate new, unique passcodes for you to type into the two-factor prompt. These are known as time-based one-time passcodes (TOTP).
U2F Device
Universal 2nd Factor (U2F) is an authentication standard that uses an authenticator (a USB hardware device) and a server. A user authenticates by tapping the device inserted into their computer’s USB drive.
What is Out-of-Band Authentication (OOBA)?
This refers to conducting two-factor authentication (2FA) over a different, separated network or channel than the primary network or channel. So, let’s say you use a username and password to complete the primary authentication – that’s sent over the Internet (primary network).
You’ll want to use a different channel to complete your second factor. Approving a push notification sent over your mobile network is an example of out-of-band authentication.
Why does it matter? If a remote attacker is able to tap into your computer via your Internet connection, they can steal your password, and your second form of authentication – if delivered over the same channel.
Why Two-Factor Authentication (2FA)?
Two-factor authentication (2FA) is one of the best ways to protect against remote attacks such as phishing, credential exploitation and other attempts to takeover your accounts.
Without your physical device, remote attackers can’t pretend to be you in order to gain unauthorized access to corporate networks, cloud storage, financial information, etc. stored in applications.
By integrating two-factor authentication with your applications, attackers are unable to access your accounts without possessing your physical device needed to complete the second factor.