the device in order to log in and provide a second authentication method in addition to a password. At the moment, it has to be used with Google Chrome, but Brian Kelly, Duo’s principal product marketing manager, says that users can leave it or take it with them and it’s “completely phishing proof.”
“Overall awareness of two-factor authentication is at peak levels,” Kelly says. Last year, Google, Microsoft, PayPal, and other heavy hitters in the IT realm put aside their competitive differences and got together to brainstorm how they could improve the authentication process, he says, realizing that an effective solution couldn’t come from just one entity. “Two-step authentication is becoming more of a household best practice, like backing up your data was a decade ago. I think two-factor authentication is reaching a similar level of maturity, and U2F is the first one to get market traction because it’s very pragmatic and specific about what it’s trying to deliver. Customers can choose their vendor, and everything is interoperable and compatible because we weren’t getting anywhere with proprietary solutions.”
While FIDO U2F was initially created for the consumer market, Kelly says Duo recognized that this same technology could also significantly bolster authentication on the business side. Google, Yubico, and the FIDO Alliance are marketing U2F devices to consumers, while Duo’s target customer is the enterprise market. Kelly adds that businesses that don’t have the resources to create their own in-depth security infrastructure are Duo’s “sweet spot.” But that’s not to say Duo’s customers are mostly small businesses, since Kelly says Duo’s security technology is used in-house by Facebook, Yelp, Etsy, and Tumblr employees, among others.
“Duo is focused on the business-to-business use case, though the marketing has to be end user-friendly,” Kelly points out. “We’re not targeting customers, but the businesses that want to offer it to their customers. As far as we know, we’re the first business-to-business vendor to support this new standard.”
Earlier this month, Duo also released its API edition, which enables developers to add two-factor authentication to their apps. The starting price for this feature is $3 per user per year with a minimum of 10,000 users, and Duo Security takes care of all of the operational aspects of authentication: alerting, reporting, key management and provisioning, and self-service device management. Current Duo API customers include Egnyte, Computer Services Inc., Gamesys, OTC Markets, and Dell SecureWorks.
“We’re taking the same authentication platform for internal use and applying it to much larger-scale access,” Kelly says. “We had been selling it on a case-by-case basis until we learned what people wanted. Now, we’re formally offering it because of market conditions and lots of people wanting it.”
In addition to the API Edition, Duo Security this month also released its mobile software development kit for iOS and Android, which allows mobile app providers to embed in-app authentication capabilities.
With so much growth in the past year and ever-increasing threats to keeping personal data secure, Song says Duo’s challenge now is attracting and retaining top talent. The company has roughly 100 employees, with 10 open positions currently listed on its website.
“We’re continually hiring,” he adds.
