DUO Security - 2 Factor Authentication that works!
November 16, 2017

Craig Lockley | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Cisco Secure Access by Duo

Duo Security is used as a 2-factor authentication method when accessing a server locally or remotely via SSH. This is especially true with Linux-based servers that contain mission-critical functions or sensitive data. This enables the admin users to access the systems they need while keeping intruder users out. It also solved a very real issue around VPN users who now are required to have 2-factor authentication. You can build all the necessities to lock down your network from outside intrusion, but a simple mistake from an end user to accidentally write or share their credentials can defeat any and all efforts you or your team have made.

Duo Security is also very viable for specific use cases such as VPN Access, Administration Access to servers, working in conjunction with a RADIUS server, use of hardware tokens as well as mobile 2-factor text messages. The list of ready to use applications with easy setup is extensive and well documented.

The Duo Security authentication proxy has not been the easiest to integrate into our network; however, once it was installed and working, everything just sort of fell into place.
  • Easy and ready to use solutions for popular systems such as Cisco, SonicWall, Windows services, OpenVPN, and some of the most popular password managers.
  • It provides hardware tokens and U2F devices if a mobile device isn't available. Hardware tokens can sometimes be confusing or very in depth to integrate where Duo Security can make this very easy.
  • Policy driven administrative control of the users and which devices they should use or applications to use. They can be defined on a system wide or application level.
  • They offer a great and in-depth process and documentation around popular systems, but that may leave you feeling stranded when attempting to use it with other devices not listed. For example, MikroTik routers are not officially supported, nor was it easy to connect to our LDAP servers without an additional RADIUS Server on top of the DUO Security Proxy.
  • Adding in multiple devices per user is a great feature since not all users will have their phone or a Hardware Token with them. It was easy to set up and use, but we found it difficult to tie one application to one user with multiple devices which can be used to authenticate.
  • The cost of telephone messages is a bit expensive compared to other competitors.
  • It's never easy to see the dollar side of an ROI when it comes to integrating new IT systems, specifically with DUO Security. It is always seen as an added cost or a negative impact to the end users. The company or organization, however, will be thankful when system access is way more secure via end user authentication.
  • The costs of telephone messages or calls to a user's mobile device can be costly depending on how often or how many users and applications DUO Security has set up to use. It will cost $10.00 (USD) per 1,000 telephone credits.
  • End users were not happy to require 2-factor authentication using VPN through their mobile device and to receive a request to authenticate through the same phone. Hardware Tokens with mobile devices such as YubiKey without a digital readout on the device itself could also complicate this particular setup.
SAAS Pass was tested, but it was more directed towards cloud based solutions. This wasn't viable for us. OneLogin was also evaluated but the pricing was too high for our use case.
If you use applications or servers already supported by DUO Security, it's a no-brainer. If you have routers or security appliances, or even applications that aren't supported, then further investigation into implementation viability should be completed. It's always best to do your research first, followed by a real-time test implementation before following through with purchasing DUO Security. This is particularly true for VPN Access. For local site or remote system access (via SSH or other protocols), DUO Security is one of the best solutions out there.