Duo Security Rides Growing Interest in Two-Factor Authentication

(Page 2 of 2)

the device in order to log in and provide a second authentication method in addition to a password. At the moment, it has to be used with Google Chrome, but Brian Kelly, Duo’s principal product marketing manager, says that users can leave it or take it with them and it’s “completely phishing proof.”

“Overall awareness of two-factor authentication is at peak levels,” Kelly says. Last year, Google, Microsoft, PayPal, and other heavy hitters in the IT realm put aside their competitive differences and got together to brainstorm how they could improve the authentication process, he says, realizing that an effective solution couldn’t come from just one entity. “Two-step authentication is becoming more of a household best practice, like backing up your data was a decade ago. I think two-factor authentication is reaching a similar level of maturity, and U2F is the first one to get market traction because it’s very pragmatic and specific about what it’s trying to deliver. Customers can choose their vendor, and everything is interoperable and compatible because we weren’t getting anywhere with proprietary solutions.”

While FIDO U2F was initially created for the consumer market, Kelly says Duo recognized that this same technology could also significantly bolster authentication on the business side. Google, Yubico, and the FIDO Alliance are marketing U2F devices to consumers, while Duo’s target customer is the enterprise market. Kelly adds that businesses that don’t have the resources to create their own in-depth security infrastructure are Duo’s “sweet spot.” But that’s not to say Duo’s customers are mostly small businesses, since Kelly says Duo’s security technology is used in-house by Facebook, Yelp, Etsy, and Tumblr employees, among others.

“Duo is focused on the business-to-business use case, though the marketing has to be end user-friendly,” Kelly points out. “We’re not targeting customers, but the businesses that want to offer it to their customers. As far as we know, we’re the first business-to-business vendor to support this new standard.”

Earlier this month, Duo also released its API edition, which enables developers to add two-factor authentication to their apps. The starting price for this feature is $3 per user per year with a minimum of 10,000 users, and Duo Security takes care of all of the operational aspects of authentication: alerting, reporting, key management and provisioning, and self-service device management. Current Duo API customers include Egnyte, Computer Services Inc., Gamesys, OTC Markets, and Dell SecureWorks.

“We’re taking the same authentication platform for internal use and applying it to much larger-scale access,” Kelly says. “We had been selling it on a case-by-case basis until we learned what people wanted. Now, we’re formally offering it because of market conditions and lots of people wanting it.”

In addition to the API Edition, Duo Security this month also released its mobile software development kit for iOS and Android, which allows mobile app providers to embed in-app authentication capabilities.

With so much growth in the past year and ever-increasing threats to keeping personal data secure, Song says Duo’s challenge now is attracting and retaining top talent. The company has roughly 100 employees, with 10 open positions currently listed on its website.

“We’re continually hiring,” he adds.

Single PageCurrently on Page: 1 2 previous page

Trending on Xconomy

By posting a comment, you agree to our terms and conditions.

One response to “Duo Security Rides Growing Interest in Two-Factor Authentication”

  1. Hitoshi Anatomi says:

    The two-factor authentication, though not a silver bullet, could be reliable when it comes with a reliable password. 2 is larger than 1 on paper, but
    two weak boys in the real world may well be far weaker than a toughened
    guy. Physical tokens and phones are easily lost, stolen and abused. Then the password would be the last resort. It should be strongly emphasized
    that a truly reliable 2-factor solution requires the use of the most reliable
    password.

    Using a strong password does help a lot even against the attack of cracking the stolen hashed passwords back to the original passwords. The problem is that few of us can firmly remember many such strong passwords.  We cannot run as fast and far as horses however strongly urged we may be. We are not built like horses.

    At the root of the password headache is the cognitive phenomena called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.