Duo security is the perfect 2FA answer
October 18, 2019
Duo security is the perfect 2FA answer
Score 10 out of 10
Vetted Review
Verified User
Overall Satisfaction with Duo Security
We use Duo for two-factor authentication for a few applications, like VPN and Outlook Web Access. Everyone who has a VPN account or access to email externally has an account, but that spreads across several different departments. Internal to IT, we also use it for two-factor on all of our servers for remote desktop.
- Two-factor authentication - The whole point of Duo is 2FA, and it does it very well! We usually use the phone app (both for Android and Apple), but occasionally use the SMS or email options, depending on the user. We even have one user who uses a fob that generates codes!
- Easy set-up - Duo has instructions for everything it supports, and setting up users is fairly intuitive and uncomplicated.
- Supported applications - There's a long list of applications Duo supports and even some ways to use it generically.
- The mobile app notifications occasionally do not come up, and I have to launch the application manually to approve connections. It's intermittent, so it's difficult to pinpoint why this is happening.
- If a user gets a new phone, the set-up has to be done again, essentially. Modern phone OSes now tend to install apps and migrate settings, but that doesn't work for Duo. That's fine, but an option to replace a device quickly would be better. It also can't be done by the user themselves.
- Because of the nature of how Duo works on devices, those devices do need some kind of Internet connection for the push. That's not a huge disadvantage, and most 2FA software with push notifications will have the same issue, but it's something to keep in mind if you're looking to purchase.
- It's hard to gauge the exact positive ROI because we don't know if it's prevented a breach or loss of data. That is, we know we haven't had any, but we can't say we would have without Duo. But if "peace of mind" could be calculated into ROI, it would be high.
- The cost is almost negligible, even with all the features and apps it supports. There are no additional costs for securing more things, just for having more users.
- Other products we tested resulted in a lot of negative user experiences, resulting in more time spent from IT troubleshooting and assisting. Duo is straightforward for users, it required very little training. So, if you're going to have 2FA (and you should!), this has less overhead from an IT support standpoint.
Google Authenticator generates codes, which is okay for certain sites, but not quite as robust as Duo. Of course, it's cheaper, but it doesn't do as much and the setup is more complicated on the back end. The only realm in which it's really even competitive with Duo is for codes, whereas Duo has all sorts of options like push notifications. Yubico, in my opinion, isn't truly two-factor authentication. Two-factor means there's something you have, and something you know. Yubico certainly proves a human who knows a password is at a machine, but not necessarily the specific human who should. Duo, at least, authenticates via your phone (if configured), and your phone can authenticate with a fingerprint.
Do you think Cisco Duo delivers good value for the price?
Yes
Are you happy with Cisco Duo's feature set?
Yes
Did Cisco Duo live up to sales and marketing promises?
Yes
Did implementation of Cisco Duo go as expected?
Yes
Would you buy Cisco Duo again?
Yes