Skip navigation
Two-Factor Authentication (2FA)

Double Up on Security

The simplest, most effective way to make sure users are really who they say they are.

What is Two-Factor Authentication (2FA)?

Two-factor authentication (2FA) strengthens access security by requiring two methods (also referred to as factors) to verify your identity. These factors can include something you know - like a username and password, plus something you have - like a smartphone app to approve authentication requests.

2FA protects against phishing, social engineering and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.

About 81% of confirmed data breaches in the Accomodations industry involved stolen credentials.

-- Source: Verizon 2018 Data Breach Investigations Report

Security Designed for People

We know the most effective security solution is one your users actually use.

Duo’s 2FA solution only requires your users to carry one device - their smartphone, with the Duo Mobile app installed on it. Duo Mobile is available for iPhones, Androids and many more.

Logging in via push notification is fast and easy with Duo Mobile. We strongly recommend using Duo Push or U2F as your second factor, a more secure method that can protect against man-in-the-middle (MITM) attacks. We also support many different authentication methods to fit the unique needs of your diverse user base.

Find out how Duo stacks up against traditional 2FA solutions.

Easy, Effective and Secure

To ensure every point of access is protected, Duo’s trusted access solution easily integrates with on-premises, web-based and cloud-based applications.

Our simple and secure single sign-on is the easiest way for your users to access all of their cloud applications by logging in once to a web portal.

User Access Policies

We collect data on every authentication request to your applications so you can make informed security policy decisions. With information on your users, devices and their authentication activity, you can get complete visibility into who’s accessing what.

Duo’s user access policies allow you to limit access per certain user groups to strengthen your security profile - e.g., block login attempts from countries you don't do business in, or block users on anonymous networks.

Secure, Smart Access

As Duo verifies your users’ identities, we also check their devices to ensure they’re healthy and up to date before allowing them access to your applications.

Two-factor authentication (2FA), or multi-factor authentication (MFA), is one key step in your journey to a zero-trust security model. A complete trusted access solution includes endpoint visibility, adaptive authentication & policy enforcement and remote access & single sign-on to protect to protect every application.

Two-Factor Authentication Methods

Each two-factor authentication (2FA) method has their own advantages and disadvantages for different types of users.

Push Notifications

Verify your identity by approving a push notification from an authentication mobile app on your smartphone or wearable.

Learn About Push

Security Tokens

Using a hardware token, you can press a button to verify. This device is programmed to generate a passcode that you must type into your two-factor prompt.

Learn About Security Tokens

SMS Passcodes

A unique passcode is sent to your phone via SMS that you must type into your two-factor prompt.

Learn About SMS Passcodes

Phone Callbacks

This method calls your phone and waits for you to pick up and press any key to authenticate before granting you access to your account.

Learn About Phone Callback


Similar to SMS, a two-factor authentication app can generate new, unique passcodes for you to type into the two-factor prompt. These are known as time-based one-time passcodes (TOTP).

Learn About TOTP

U2F Device

Universal 2nd Factor (U2F) is an authentication standard that uses an authenticator (a USB hardware device) and a server. A user authenticates by tapping the device inserted into their computer’s USB drive.

Learn About U2F

What is Out-of-Band Authentication (OOBA)?

This refers to conducting two-factor authentication (2FA) over a different, separated network or channel than the primary network or channel. So, let’s say you use a username and password to complete the primary authentication - that’s sent over the Internet (primary network).

You’ll want to use a different channel to complete your second factor. Approving a push notification sent over your mobile network is an example of out-of-band authentication.

Why does it matter? If a remote attacker is able to tap into your computer via your Internet connection, they can steal your password, and your second form of authentication - if delivered over the same channel.

Phone entry blocked for thief by two-factor authentication

Why Two-Factor Authentication (2FA)?

Two-factor authentication (2FA) is one of the best ways to protect against remote attacks such as phishing, credential exploitation and other attempts to takeover your accounts.

Without your physical device, remote attackers can’t pretend to be you in order to gain unauthorized access to corporate networks, cloud storage, financial information, etc. stored in applications.

By integrating two-factor authentication with your applications, attackers are unable to access your accounts without possessing your physical device needed to complete the second factor.

Two-Factor Authentication (2FA) Resources

Evaluation Guide Book

Get the ultimate guide to comparing two-factor authentication (2FA) solutions.

Gain insight into concrete criteria for evaluating technologies and vendors with Duo’s Two-Factor Authentication Evaluation Guide.

Download the Guide
  • Duo Security has been the single most successful enterprise deployment I’ve ever been involved with.

    — Lance Honer, Security Manager, Day & Zimmermann
  • “Duo’s easy for end-users to use. It’s easy for IT employees to manage. That combination makes it a great option for our needs.”

    — Rocky Jenkins, IT Director, Eastern Michigan University