Duo Mobile SDK

Duo Mobile is a two-factor authentication method used to improve the security of apps and websites mostly. Duo Mobile SDK comes with a wide array of features and, in this article, we will take a look at the main ones.

FEATURES

Besides using the two-factor authentication method, Duo Mobile SDK uses an advanced endpoint security solution. But what it makes of Duo Mobile SDK one of the leaders in the industry is their ability to automatize the process so that the developer doesn’t have to worry about it. Duo Mobile SDK handles all the authentication like the provisioning or the key management as well as the alerts and reports.

By using an advanced method, Duo Mobile SDK safely protects users from phishing attacks and other cyber-burglary methods like using somebody’s credentials to gain access to sensitive data on the client or the server side. Duo Mobile SDK is used by many big companies because of its reliability and security features, some examples of big guys on their list are Egnyte, Computer Services, Inc., Gamesys, OTC Markets, and Dell SecureWorks and Facebook. Yes, the social media giant uses Duo Mobile SDK as well.

So, what to do if you want to use Duo Mobile SDK for your app or website? First thing you’ll have to sign up in their website and choose a plan. There are several plans with different prices but they range from $1 to $6 per user and month. There is also a free plan that includes a very limited support for just 10 users. Honestly, a plan like that is almost useless and it is probably intended for you to try the service and not to get any advantage from it. The process is very easy and straightforward. Then, once you have done that you need to setup the integration which is just to set what you want to protect. There are many security options, not just protecting a website. Once you have saved the info you will visit a page with the settings to fine tune the authentication. You will also get the credentials so, don’t share these. Then you will be presented with the policy section to define when users are going to use the two-factor authentication. There you can define if all the users will be required to use it, or they will be prompted to enroll to it. This is because some users think the two-factor authentication is a pain in the neck and a waste of time and can be a turn-off for them. The paid SDK has many options to give you a very granular control over everything involved in the login and enrollment process so, don’t think you only have the option to activate for all, disable for all or ask for enrollment. The whole process can be customized to your best needs, always caring about the user’s security.

Next step is to add it to your App or your website. You need to make some server-side adjustments in the code if you want this to work properly, but Duo Mobile SDK has already thought about this and provided a nice array of libs for you to use. This works for ColdFusion, Python, Ruby, ASP, ASP.net, Java, PHP, Node.js and Perl. This is because you need the user to fill additional information for the two-factor authentication and you have to implement that either on your app or your website. The provided libraries can be useful for some cases but may not be appropriate for others and you’ll have to implement all the code by yourself.

Since the two-factor authentication is usually optional due to its cumbersome nature, not all of your users will have to do the process of having to enter their cellphone number and then verify the code with a text message or a phone call. Once the user has chosen if he wants text or a phone call, a message or a call will be sent with a six-digit validation code and then the user will have to download the app if a cellphone is being used, if the code is correct of course. All this takes place in Duo Mobile’s side, all your app has to do is to wait for the process to be finished. So, after that, all your user has to do is to login with the two-factor authentication. Since this is an optional step, some users may have not enrolled and will be redirected to your regular login method using username and password. If the user opted for the two-factor one, this will be enforced.

PROS AND CONS

PROS

• Very reliable.
• Trusted by many big companies all over the world.
• Two-factor authentication is a real security improvement
• Works on apps and websites alike
• Has different pricing plans
• Quite easy to configure for the user
• Fast to be configured on the server side
• The two-factor authentication is optional

CONS

• Two-factor authentication is cumbersome for many users and they can be turned off when they see it.
• Sometimes, losing the cellphone is easier than losing a password
• There is no real free plan
• Their service fees are a bit pricey

CONCLUSION

Two-factor authentication is a good security improvement; however, many users don’t like it. The fact that you have to rely on your cellphone to login to a website is cumbersome and slow so, many users can be turned off just by the sight of it. Besides that, having information stored into your cellphone is not always a good idea, considering how easy to lose these devices is. This is partially solved by making the two-factor authentication an optional feature but still, some users don’t like to give their cellphone numbers to apps, websites etc. Since these numbers are managed by Duo Mobile SDK you can’t use them and that’s a good thing, but users don’t know that for sure and, when they are asked for a cellphone number, some may just leave the login area.