We just raised a $30M Series A: Read our story

Duo Security OverviewUNIXBusinessApplication

Duo Security is #1 ranked solution in top Authentication Systems and #3 ranked solution in top ZTNA services. IT Central Station users give Duo Security an average rating of 8 out of 10. Duo Security is most commonly compared to Microsoft Authenticator:Duo Security vs Microsoft Authenticator. The top industry researching this solution are professionals from a comms service provider, accounting for 28% of all views.
What is Duo Security?
Cloud-based user authentication vendor: authenticate with your phone, Duo mobile app, landline, or tokens with or without an internet connection
Duo Security Buyer's Guide

Download the Duo Security Buyer's Guide including reviews and more. Updated: November 2021

Duo Security Customers
Threadless, Yelp, Etsy, Eventbrite
Duo Security Video

Pricing Advice

What users are saying about Duo Security pricing:
  • "Our licensing fee is currently on an annual basis."
  • "Their pricing model is a little bit weird. Currently, there is no price advantage in signing up for yearly contracts. There are no additional costs to the standard licensing costs."
  • "During testing we are allowed a certain number of licenses for free."
  • "Its price is reasonable. It is not highly expensive."

Duo Security Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Sean Muller
IT Security manager at a energy/utilities company with 201-500 employees
Real User
Top 5Leaderboard
A highly-scalable multi-factor authentication solution

Pros and Cons

  • "The multi-factor authentication process and the geo-locking features are great."
  • "We had some trouble with the password reset function."

What is our primary use case?

When our users are connecting to our Cisco VPN, Duo effectively ensures that they are who they say they are by taking a second factor into account, such as the cell phone that was used to create their profile. To do this, it sends them a second mode of authentication, such as a PIN or push confirmation. It also geo-locks who is allowed to actually log into our systems. We have it locked to the continental United States and Puerto Rico, and one outsourcing firm that we work with.

Once you have it set up, all you really have to do is add people to a group in the active directory and send them the instructions on how to do it. If you have a lower technical user base, you may have to walk them through it. But once it's set up, it really is automatic.

Not a single person from our IT staff really needed anything other than the instructions. Of the 15 people in our test group, nobody actually needed instructions on how to use it either — beyond what I just wrote up and sent them.

As we get to the older population in our company, the less technical population, we're probably going to have to walk them through it or hold their hands a little bit.

Within our organization, there are currently 15 employees using this solution. Eventually, we will have all 221 office staff users with it set up. Still, we'll probably top out at about 80 users a day.

We will increase the overall usage as our users increase. So, if we hire another 10 people, then we'll buy another license.

What is most valuable?

The multi-factor authentication process and the geo-locking features are great. It provides us with statistics about the devices that are used to perform the second authentication factor.

Upon successful connection, it tells us where and what device is being used to perform the second authentication factor. For example, when I log in with it, we'll see that I have my iPhone 11 and that it is located in the area via its IP address.

What needs improvement?

We had some trouble with the password reset function. When a user's password is expired, you can prompt them using Cisco AnyConnect — a password management feature — to change their password in the same channel during the login process. We had a lot of trouble configuring that. As a result, we now have a second channel that bypasses Duo to allow them to reset their password.

For this, we needed Cisco support, Duo support, and our network administrator all lined up. It should have just been something that they could have just configured, but they weren't able to do it in the same channel. We had to actually create a second channel. When you do this, people will try to log on and it'll tell them that their password is incorrect. They'll realize that their password is expired because it's been 90 days. Afterward, they'll have to then go back to AnyConnect, change the channel that they're logging into, attempt to log in, get the password prompt, disconnect from the AnyConnect, and then reconnect using the Cisco Duo multifactor authentication — this is extremely complicated.

Still, it's really only a problem for a small subset of users. The ones who ignore the notifications 10 days before saying, "Hey, change your password."  So, it's not as big of a deal as it sounds. Just by having a functional way to do it, it makes it so that if nobody's on staff, the user can reset their own password without having to call us in the middle of the night on a Saturday, because that's the best time for those passwords to expire. 

Also, it would be nice if it was easier to modify the splash screen that comes up when entering your username and password.

For how long have I used the solution?

We actually just configured Duo Security — we're in the process of pushing it out. Currently, we've been using it for the past three to four months.

What do I think about the scalability of the solution?

Scalability is definitely up there. It could easily handle many, many, many more authentications than we are currently or ever would use. It could definitely go far beyond what we are currently using.

How are customer service and technical support?

The technical support agents are definitely knowledgeable; they give us plenty of recommendations on how to do things. They are very quick to send us white papers describing how to fix things ourselves. 

Although they try to push us toward a self-help model, they do eventually get online with us via a WebEx chat with the Cisco reps and help us out. We've never really had any problems finding somebody from chat support that wouldn't jump on to the WebEx meetings with Cisco premium support.

Which solution did I use previously and why did I switch?

We didn't have anything covering multifactor authentication. We were using Cisco AnyConnect with the tie-in to the active directory, but we just had the single factor — the username and password. Duo allowed us to greatly enhance our security. Now, not only do users have to know their username and password, but they also have to be able to receive the second-factor authentication in order to get in. The same goes for anyone trying to break in.

How was the initial setup?

The initial setup was complex, but due to the support that we received during the onboarding, it was very simple with the exception of the password reset channel that I mentioned earlier that we tried to use but didn't end up doing. The way we have it set up now is actually how it was configured during the onboarding process. It just would've been nice to have had it functionally work — to have that all in one channel.

What about the implementation team?

Regarding deployment, we have an in-house person, but we still had Cisco Duo onboarding support to assist us with the setup. If you have a CCNA, you'll probably be able to do it yourself, but it's just much easier to do it with onboarding support.

The functional part of the onboarding process only took roughly an hour. Including troubleshooting our channel issue, we spent roughly 16 hours before we just decided to go back to the original build.

What's my experience with pricing, setup cost, and licensing?

Our licensing fee is currently on an annual basis.

There are two levels of support with Duo that we were considering. The first level of support is just the two-factor authentication — it doesn't do anything else. But the second level of support provides us with network access control. This basically allows us to say, "Hey, your iPhone hasn't been updated in 10 years, update your iPhone to continue using this service." Or, "Your Windows device does not have updates." It also provided us with the geolocation feature. We were experiencing a lot of break-in attempts from Moldavia. So, thanks to this feature, we just locked out Moldavia. If nobody in Moldavia can connect to our system, then nobody in Moldova can hack us. 

What other advice do I have?

If you're interested in using this solution, be sure to get the onboarding team to set everything up during the onboarding phase. Set up a proxy server if you can and get them to do everything during the onboarding phase — then you won't have any problems.

Compared to the after-purchase support, the onboarding people are a lot more willing to just take over your computer and set things up for you.

Overall, on a scale from one to ten, I would give this solution a rating of ten — it's the best. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
FW
Head of IT and Security at a consultancy with 11-50 employees
Real User
Top 10
Stable, easy to set up, and has useful push notifications, integrations, and mobile app

Pros and Cons

  • "The push notifications and the integrations they offer are valuable. Their mobile app is very useful. It is very easy to use."
  • "The only time I really had some negative feedback for them was about the UI of their mobile app, but they improved it in the last version. It is good on the functionality side, but their pricing model is a little bit weird. Currently, there is no price advantage in signing up for yearly contracts. If you are on a monthly term or a yearly contract, you basically pay the same price, and that is very unusual. Normally, there is a discount when someone signs up for the 12-month system."

What is our primary use case?

Duo Security provides multi-factor authentication for anything that requires multi-factor authentication. It could be our internal corporate services, such as a single sign-on portal, or applications, such as Google Cloud.

How has it helped my organization?

It is very easy for users to enroll. There are a lot of insights that we get from using the app on devices that people use to authenticate.

What is most valuable?

The push notifications and the integrations they offer are valuable. Their mobile app is very useful. It is very easy to use.

What needs improvement?

The only time I really had some negative feedback for them was about the UI of their mobile app, but they improved it in the last version. There was no way to (re)name 3rd party OTP accounts so it got confusing when multiple ones were existing. In addition, each account took a lot of space on the screen, they condensed it in the new version to make it easier for people that have a lot of accounts added. Duo has a beta program and actively solicits and listens to feedback which personally I think is great.

It is good on the functionality side, but their pricing model is a little bit weird. Currently, there is no price advantage in signing up for yearly contracts. If you are on a monthly term or a yearly contract, you basically pay the same price, and that is very unusual. Normally, there is a discount when someone signs up for the 12-month system.

For how long have I used the solution?

I have been using this solution probably since 2014. In this company, we have been using it for two years in total.

What do I think about the stability of the solution?

It is stable. Over the last six or seven years, I didn't have any issues where something wasn't working.

What do I think about the scalability of the solution?

The maximum number of users that I have had is around 600, and I haven't found any issues there. In my current organization, every employee is using this solution. We have 250 employees.

How are customer service and technical support?

I have not interacted with them. I never had to open a support case.

Which solution did I use previously and why did I switch?

We didn't have anything in place.

How was the initial setup?

It is pretty straightforward. I just need to log in to an account and integrate systems that should be using Duo Security. That's basically it. It probably took me an hour to roll out the accounts.

What about the implementation team?

IT support helps users if they run into problems with the application, but that's about it. There is no separate team for its maintenance and deployment. There are a lot of service options for our users. They don't even need to contact IT support. On a new phone, they can even do it on their own.

What was our ROI?

It has provided ROI.

What's my experience with pricing, setup cost, and licensing?

Their pricing model is a little bit weird. Currently, there is no price advantage in signing up for yearly contracts. There are no additional costs to the standard licensing costs.

Which other solutions did I evaluate?

We looked briefly at Okta Verify. It is the Verify app from Okta to use a single sign-on provider. It had the same price but far less functionality. It was a no-brainer to just go with Duo Security.

What other advice do I have?

I would advise others to look at the integrations that are available and see if they can roll it out to as many applications as they can. Encourage users to use Duo Push versus the six-digit pin code that the applicant generates.

I would rate Duo Security a nine out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Duo Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,695 professionals have used our research since 2012.
AS
Technical Specialities at a tech services company with 201-500 employees
Real User
Top 10
Hybrid architecture integration make this product useful but the dashboard needs improvement

Pros and Cons

  • "It is a good solution for hybrid environments and VPN."
  • "The dashboard needs to be improved."
  • "Certain customers can not use this product because it is cloud-based."

What is our primary use case?

In my job, we are using the 365 cloud service and there is a VPN solution. We are providing solutions to other enterprise-level customers, like banks. We do not require much cloud-based security because many clients need to have solutions on-premises. We already use RSA (Rivest, Shamir, and Adelman data security).  

We wanted to try to add some other cloud security options for the VPN and so we tried this product.  

What is most valuable?

I only tested Duo Security with FortiGate. Due to COVID, I have not had the time to do broader testing with other products and services. Because of limited testing, I do not know about what will be most valuable in this product when it is used in different situations over time, but Duo is a cloud-based product and it is a good product to maintain the security for the VPN.  

What needs improvement?

I think that the dashboard needs to be improved.  

Duo Security is a cloud-based product. Most of the security technicians in India that we work with want a security product in-house for their main data center security solution. Because it is possible to integrate Duo Security with cloud-based services, it is good for use with various customers and hybrid architecture. Other features are good, but the only thing is because of compliance, certain customers can not use it as a solution. This is due to compliance with regulations for lots of customers like banks and financial sectors who can not go with cloud products.   

For how long have I used the solution?

I have some experience with the product but have not been using it for a long time. We are mostly involving it in doing evaluations with it at this time.   

How are customer service and technical support?

I have not yet had to contact the company's technical support so I do not know much about it.  

How was the initial setup?

It is a simple product to install. There is not really any complex configuration. In that way, it is easy to use.  

We did not need to use an integrator, consultant, or reseller for deployment. I did it by myself.  

What's my experience with pricing, setup cost, and licensing?

I have not yet needed to purchase the product yet as we are just in the stages of trying it out. There are a certain number of licenses we can use for free during this period. I do not know about the pricing and I am not doing the financial analysis so do not know about the pricing. Other teams will take care of this.  

What other advice do I have?

On a scale from one to ten where one is the worst and ten is the best, I would rate Duo Security as a six-point-five. If I have to choose a whole number it is more of a six.  

I have not tested all the features extensively, so I do not know how they scale. I work on generic RSA products, so I know about all the features.  

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Yassia Savadogo
Cybersec Consultant at Freelance
Real User
Top 5Leaderboard
The best solution that meets our security needs and is very stable, scalable, and easy to use

Pros and Cons

  • "It meets our security needs very well. It is easy to use, and documentation is also available. It is also very stable and scalable, and its support is also very good. We are satisfied with this solution."
  • "Its documentation must be in French because we are a French-speaking country. They should also provide more training documentation. Its management interface should also be improved. They should also improve its update period. If I compare its update period with other products such as Palo Alto firewalls, this solution is really slow in updates."

What is our primary use case?

We are using it for perimeter protection.

How has it helped my organization?

We are using it to protect the DMZ servers of our organization. It protects our DMZ servers from malware and web attacks.

What is most valuable?

It meets our security needs very well. It is easy to use, and documentation is also available. 

It is also very stable and scalable, and its support is also very good. We are satisfied with this solution.

What needs improvement?

Its documentation must be in French because we are a French-speaking country. They should also provide more training documentation.

Its management interface should also be improved. They should also improve its update period. If I compare its update period with other products such as Palo Alto firewalls, this solution is really slow in updates.

For how long have I used the solution?

I have been using this solution since October 2019.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

It is very scalable. In my company, I have between 90 to 100 users. We also have some users who are working at another site. 

We have plans to increase its usage, but due to COVID, we're mostly working remotely.

How are customer service and technical support?

Their technical support is very good. They are very reactive. The last issue for which I contacted them was related to an OS update.

Which solution did I use previously and why did I switch?

We have used Check Point and Palo Alto solutions previously.

How was the initial setup?

It is very easy for me. I work with a lot of solutions like this. Its deployment took two weeks.

What's my experience with pricing, setup cost, and licensing?

Its price is reasonable. It is not highly expensive.

Which other solutions did I evaluate?

We evaluated lots of options from different vendors.

What other advice do I have?

I would recommend this solution. Duo Security is the best solution for the cybersecurity challenges that we are facing nowadays.

I would rate Duo Security a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Bernard Komdeur
Helping Clients Succeed at It-visibility
Real User
Top 5Leaderboard
A secure solution to protect a database

Pros and Cons

  • "The two-factor login is great. I receive a message and just have to press okay."

    What is our primary use case?

    We use Duo Security to access databases, which are in the cloud. It's two-factor authentication mostly.

    What is most valuable?

    The two-factor login is great. I receive a message and just have to press okay. And then I am in. Also, the connection is very fast.

    What needs improvement?

    I haven't experienced any issues with Duo Security, but I'm only on the front end, I don't see the back end. I don't know what the IT guys are struggling with. From the front end, it's very fast and it hasn't missed a beat, so to say. As soon as I log in, within a second, I receive a message on my mobile, and as soon as I hit okay, that is within a second, then it's already passed on to the database where I need to be. It's lightning-fast, I've never experienced anything like it in the past.

    For how long have I used the solution?

    I have had experience with Duo Security for roughly six months.

    What do I think about the stability of the solution?

    Duo Security is very stable.

    How are customer service and technical support?

    I have not needed to call technical support relating to Duo Security; however, the guys from Cisco are very supportive, but that also has a lot to do with my relationship with Cisco. I've known most of the support guys since the late '90s. If I have an issue, they respond to my requests within five minutes.

    How was the initial setup?

    For me, the initial setup was very simple. All I had to do was download an app, log in, and that was it. 

    What's my experience with pricing, setup cost, and licensing?

    I was not involved in licensing negotiations, so I can't speak on this matter.

    What other advice do I have?

    As a user, I would give Duo Security a rating of nine out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    Buyer's Guide
    Download our free Duo Security Report and get advice and tips from experienced pros sharing their opinions.