Cisco Duo Reviews

Essentially, we use it as a two-factor authentication for our users when they are trying to log into the corporate network or another dev network that we have.

Overall, it provides functionality and security with the two-factor authentication. We can ensure whomever is logging in isn't someone else who might be sharing a username or password.

It is a good source of security as far as ensuring that there are no rogue agents attempting to access the network. Duo has enabled us to mitigate rogue access requests to our network.

With everything that went on over the past three years, we can authenticate through the VPN, or anywhere that you are at, giving our workers the ability to work hybridly and tackle day-to-day jobs without having to come into the office.

Our workers know what they are doing is secure. They don't have to worry about buying other equipment and we don't have to worry about supplying other equipment. We can just use Duo to facilitate, making it easier to do their day-to-day jobs.

The ability to work online and offline with two-factor authentication is the best feature. Usually, with products, you have two different tokens. For this product, there is just one. 

It is a good product to assess the access. Overall, it has a timely response as far as when you need to click. It is very interactive. It is not like you have three seconds, then it is gone. It gives you the time to do it.

It provides single-pane-of-glass management, which is pretty easy and straightforward. Because we manage multiple access tiers, it allows us to essentially manage everything from one viewpoint and not have many viewpoints for the same product. This is important because it is a time and resource saver. It also saves us money.

The single-pane-of-glass management user experience is pretty good. It is one of the best ones that I have worked with so far.

The biggest challenge is integrating it into all our end user utilities. We use it for other networks, not just our personal network. So, the challenge is just integrating it across the board.

There is not much improvement as far as the front-facing part of it. For the back-end, there could be a few more security features applied. Obviously, as they grow, it will get better.

I have been using it for about seven months.

The stability works well with what we have, and we have a big Cisco infrastructure. It is pretty seamless for us.

Maintaining network connectivity with Duo is pretty easy. The timeout isn't too bad. It obviously depends on your security thresholds, but it is pretty easy.

It is pretty scalable. We have run it through its paces.

I haven't had to work with their technical support division. I am guessing it is good since I haven't had to deal too much with them.

This is the first time that I have worked in a VPN environment.

I would give it about a nine out of 10 because nothing is perfect.

Our web developers use Duo Security as a WordPress plugin to provide security for our websites.

Duo offers dual-factor authentication for our logins. I put in my credentials and hit go. Then I get an alert on my Apple watch, and I approve it. That part is just phenomenal. 

Duo has some issues that we're trying to work through. For example, if I install it on a WordPress site and another admin needs to log in, they can't because Duo hasn't been set up for them. It doesn't appear that I can add permissions on a user-by-user basis. It's not obvious.  

I would also like to see password-free login. There used to be a password-free product where you used your phone and looked at the screen. I can't remember what it's called now, but it was great. It used blue wavy lines that constantly changed, so nobody could ever screen capture and use them to log in. That was by far the best solution. 

Duo bought them out and did away with them. They probably saw it as a threat because it was a better solution. And a couple of companies have tried to mimic that, but they have never come close. If Duo were to go back to something like that, I would be ecstatic. Passwords are supposed to be a thing of the past.

I've used Duo Security for about two years.

Duo Security is stable.

I don't know how Duo would scale. If I've got a hundred websites and I install it on several of them, scalability just means adding it to a new website. It would be as easy as adding it to the first. 

That's not an issue, but I  still haven't figured out how to add new users to a site that already has it installed. I checked their online documentation and haven't found an answer yet,  so we temporarily took it off on that particular site.

We tried several authentication solutions before, but I liked the way Duo works better. 

I rate Duo Security eight out of 10 for ease of deployment. It takes a minute or two to download and install the plugin. 

Duo Security is free.

I rate Duo Security nine out of 10. Duo is a solid solution, but it still has some minor issues with adding users. 

We use Duo Security for two different parts. One is for access to one of the servers, and the other one is for accessing the VPN connection.

It helped free up the time of IT staff. It helped them to manage the control within the users. They can control who gets access to which part of the system. For example, if there is a group of people who need a certain type of permissions, they can set them up easily. They can gather them in groups and give specific permissions. They can also give specific permissions to only one person.

It has been very useful in detecting or fixing threats that come into the organization.

It's a good thing for the authentication of your credentials. It's easy to use for the security part, and it helps to improve our security posture.

They can make authentication easier. It should be done in a shorter time. Sometimes, it can take a bit more time to get the answer on your phone. You have to wait a bit longer to get the SMS code and other things. There can be some internet or connection issues. They should make it faster because sometimes, it's urgent, and you need to access something as soon as possible.

I have been using this solution for about two years.

In general, all Cisco products, not just the Duo product, have a lot of stability.

Their tech support is pretty good, but there are some disadvantages. Sometimes, they take a long time to answer. I understand that some of the issues are not very easy, and it takes time to research them. I'd rate them an eight out of ten.

Positive

We didn't use any non-Cisco products. We were only using Cisco products. The IT part of our organization is using the Duo authentication system, and we are using another part of the server for authentication.

It's not very hard. It doesn't take long. The IT gives us an access code for it. 

I just downloaded the app, and after that, just got the security code from that department. I entered that, and it was done. That's it. If you are changing your device and they're just resetting your data, it can take two or three minutes maximum for a new device.

I'd rate Duo Security an eight out of ten.

We use it for security in general. We were looking for something that would integrate with what we already had and that would give us an extra layer of security on top of what we were doing. Since a lot of people were starting to use a lot of handheld devices and equipment at home, we wanted another layer in there.

It hasn't done as much in terms of remediation as it has just flat-out in prevention. Duo has done a very good job in making sure that a problem doesn't become a bigger problem. It's done that very well.

We like the different ways that it allows you to push notifications to people. It can do text, a phone call, and email. We liked the versatility for all of our different end-users, regardless of their level of understanding of the technology.

It does a very good job of helping workers feel safe and secure and supported. Some people view it as just another layer of things that they have to go through, but the simplicity of use, such as being able to call in if they need to, or receive a text, takes into account all levels of end-users and what it takes to get that authentication from them.

It is also important that the solution considers all resources to be external. When you already have certain pieces of security in place, it's really difficult to just rip everything out and replace them. You need something that can start as a standalone solution and then slowly work its way into the rest of your corporate network. When we changed buildings, we had a lot of people working at home for the first time and suddenly using different devices to do their day-to-day jobs, so that aspect became very important.

When it comes to supporting an organization across a distributed network it becomes very important, again, because the traditional method of backhauling security solutions to a central point gets very dicey. It starts to generate a lot of traffic across a wide area. And what happens if some of that can't get back to you? Or what happens if you're dealing with low bandwidth or other scenarios? Plus, depending on where you're at, they may view that as some kind of encrypted back tunnel and not let that happen. Whereas Duo, because it's more distributed and it's trusted out there, allows you to drop something in on a footprint on a very large scale. Before, it would've been a nightmare to get all that configured properly and working.

In addition, the single pane of glass management is very important because security is an extremely complex issue. If you have all these different windows to look at, you're not sure if somebody was looking at this window at this particular time, or if they were over there at that window and missed something. The single pane of glass is very important because the biggest enemy of security is complexity. If you miss something because somebody is not watching the right dashboard, it can blow right by you.

The single pane of glass management does a pretty good job of helping to optimize the user experience, in my particular role. And from what I hear from my team, they're very happy with it. They feel it does a good job for the clients and they love the simplicity.

There could be improvements made to the dashboards and more integration with the rest of the Cisco ecosystem. Duo was clearly purchased, and Cisco has a lot of other panels for their Firepower products, et cetera. They need to continue bringing it, Umbrella, and the endpoint pieces even more together and make the integration a little more seamless among all of them.

Our company has been using Duo Security for about two years.

It's very stable. I don't think we would have gotten it if it wasn't stable. It obviously had set quite a reputation before Cisco acquired it, and that has continued.

The scalability has worked great for us. We've not had any issues with it.

My team gives demonstrations of Duo regularly. The number-one piece of feedback that we get from people is that they like the simplicity. They like the windows, that it's easy to set up, and the features. There are different features and you don't have to turn them all on right away. You can turn on the basic features and get the authentication piece. They like the ability to then drill down and turn on some of those extra features because they don't have to ramp up straight away. They can turn on the basics and be in good shape. Then, if they want to keep tweaking it and turn on all the other pieces, it scales really nicely that way.

End user-wise, we're probably up to about 600 to 700. Our central office is out of Harrisburg, PA and we have a couple of warehouses across the U.S. where I believe they use it too. It's a bit of a distributed model, but it's not a massive distributed model.

I have not personally had to deal with tech support, but my engineers who have had to deal with them have said that they've been very on the ball with quick responses. There have been no major issues.

We did not use a solution for authentication.

It was a little interesting in the beginning when we first put Duo out there because everybody was concerned about text messages on their personal cell phones, and use of their cell phones, and who actually owns their cell phones. We dealt with a lot of what was more along the lines of company policy issues, back and forth.

But after we got past the initial rollout, everybody seemed to calm right down and we don't get any complaints or negativity about it now. It's just part of normal life. Before Duo was pushed out, there were a lot of other companies that were starting to do the same type of thing. That helped ease the release of the Duo product in our organization because people were already starting to get somewhat used to having that kind of stuff happening.

Licensing and pricing are a little bit out of the area that I play in, but I think the pricing is in pretty good shape. 

One of the issues that we used to have is that Umbrella, Duo, and Cisco Secure Endpoint all had different license quantities that you had to buy. That made it really difficult to buy a complete solution with all the other pieces. I had to buy 25 of this one at a time, and 10 of that at a time, and 15 of another one at a time. They seem to have fixed that and the number of seats that you buy now matches across all the different products.

We shopped around for other layers of security but I don't think we specifically shopped around for the authentication piece. When we looked at everything, and the dust settled, this was the easiest piece to put on top of what we had and to give us another layer of security.

Duo hasn't eliminated trust, but it has certainly been a piece of what has helped build our whole hierarchy. We're moving forward and starting to put other pieces in place too on top of that, things that sync a little better with it.

Duo is beneficial to the overall connectivity. It doesn't cause any issues. It doesn't cause an excessive amount of delay, from what we have seen. The nice thing about it is that it just sits on top of whatever else is already in place and it doesn't cause disruption to whatever else you're using.

I rate it highly because it's something that can grow with you, whether you have very little security or a lot of security, whether it's already Cisco or not, and whether you have a mixed mess that you're trying to put into some kind of order. It will go in any direction with you and grow. It will get better as you improve the stuff around it and it will start to integrate with Cisco solutions. It's one of the best products because you have the ability to go with or without Cisco, and it gets better as you add more.

Duo specifically offers good MFA functionality. We needed support for our VPN and used GlobalProtect as well as Duo for additional security.

Duo has allowed us to add an additional layer of security to our organization. It prevents people from gaining access unless they have your credentials as well as a device. It has allowed us to establish trust for every access request and secures our environment. We are confident and comfortable with the way the solution handles this. We have tried other solutions but they've not met our expectations.  

Duo Security does a good job of helping to support our organization across a distributed network. It does a fantastic job at securing access to applications and networks. It is streamlined and straightforward.

Duo Security provides single-pane-of-glass management.

This solution has been most valuable for locking up our VPN solution and providing secure web protection. 

We have a 24 hour timer for our Duo cookie and we would like to reduce this to a shorter time when using Duo. We use Duo together with GlobalProtect and I am not sure which solution would be responsible for this improvement. 

I have been using Duo Security for the entire time I've been employed at my company.

This is a stable solution. 

This is a scalable solution. We have 20,000 users covered by this solution. 

We have not needed much help from the Duo support team. Using this solution has been surprisingly easy for us. 

We were running a different solution on a test gateway we had and it didn't meet our expectations so we moved to Duo. We have previously tested XAML. 

You pay per user when using this solution and the pricing is fair.

We have never had an issue in maintaining network connectivity across all workplaces. Duo Security has helped remediate threats more quickly and offers security end to end. Cybersecurity resilience is probably one of the most significant elements of organization because we work in the healthcare industry.

I would rate this solution a ten out of ten. This is because we have not had any vulnerability that has been exposed to or any other issues that we've had to deal with.

We mostly use it for multi-factor authentication with email platforms like Office 365 as well as other apps.

We were looking to deal with email phishing attacks and brute force attacks, and the like, and Duo has helped a lot. We're more secure with multi-factor and have seen the number of phishing attacks and brute force attacks go down.

Logging in with Duo is baked into anything that we log into, including any applications, email, and web apps. We integrate it with a product called Jump Cloud, which is our cloud-based identity management system. We have also integrated it into WebEx and Box. Duo runs all of our security and MFA, and it's worked out well.

It's helped a lot of our customers with multi-factor in their identity management systems, on-prem and in the cloud. That way, when users log in, they get the MFAs to be able to log in to any resource on the network.

And because everybody is working remotely now, Duo checks all the boxes for hybrid work.

When it comes to remediating threats, it has helped us do so quickly. We don't even see a lot of the threats anymore because it's working behind the scenes. It has definitely decreased the number of threats in the last year compared to what we used to see.

The ease of use and the ease of management of all the users have been key for us. The setting up of devices in Duo has been really easy as well. It's better than all the other ones I've worked with.

Another important feature is that Duo considers all resources to be external because even the internal ones look like external ones, and people click on stuff and get caught. It's very important to be more cautious than ever.

Also, the single pane of glass management works very well. That feature is very important because we have a lot of admins who have to manage Duo, and it's much easier when it's a single pane of glass. That single pane is also great because it's easy to enroll new devices.

One area that might be improved is that setting up SMS texting is not as easy as using the app, even though it does support it.

Also, a faster management user interface would help. It tends to lag a little bit.

I've been using Duo Security for three or four years.

It has been stable. We haven't really had many issues with it. It maintains network connectivity across all workplaces and works great. I don't have any complaints.

It can scale to as many employees as you have. It can go from five employees to 1,000 employees. I don't see any issues with the scalability.

Their technical support is great.

Positive

We did not have a previous solution.

The initial deployment was pretty straightforward. We had a small number of challenges, but nothing we couldn't get by. It was pretty smooth, overall. Setting it up and enrolling new devices into the environment was a breeze. That was the easiest thing.

We do it ourselves.

We see ROI in that users feel more secure and their morale goes up. You get to keep those employees a lot longer if they feel better working for an organization that's investing in security. A big benefit is keeping your employees.

Everybody loves it. They feel a sense of security when they get that prompt to send them a text, or an email. It makes them feel like they're working for a company that is really taking the time to secure the environment. It gives them a good feeling when they get a second form of authorization.

The pricing is pretty competitive. It's pretty cheap. Anybody can adopt it. We don't have customers that haven't used it because of the price.

We evaluated Microsoft Authenticator and Google Authenticator. With those solutions, you don't have the granularity of management of the MFA environment that Duo offers.

Our Duo is all cloud-based, there's nothing on-prem. We typically integrate it with our cloud apps.

Resilience in cyber security is a game-changer. We have the same challenges that every organization goes through with security: phishing attacks, ransomware attacks, et cetera. I wouldn't say it has eliminated 100 percent of them, but it definitely cuts a lot of that stuff out. Every organization should have something like Duo, or MFA in general. But if they're going to do it, they should do it with Duo just because it's so easy to manage and it is resilient.

For management that wants to build more resilience within their organization, they have to implement multi-factor authentication across that organization for everything. It shouldn't just be for email but everything internally as well. 

With Duo, MFA allows the network to have an authenticated user sign-on seamlessly. If someone's entering a password and their user credentials and they want to get access to the network, the Duo app will have a code that the end-user has to input, which then authenticates them. It's a second layer of security before they can access the network. Even if a third party gets your username and password, without that Duo access, they won't be able to access your network.

We don't have to worry so much about the end-user that's logging in.

Multifactor authentication is the most valuable feature.

As for establishing trust for every access request, that's exactly what this solution does. Outside of having a username and password, you have to get authentication from Duo as well.

You can never eliminate trust, but what Duo Security does do is add an extra layer of security. When it comes to the internet, networks, inbound traffic, and outbound traffic, you're always subject to a potential threat. Duo Security just adds another layer.

It's a great addition to the security of any network infrastructure.

In terms of helping workers feel safe, everyone knows that the information within the enterprise is safe because the people that are logging in have been authenticated in more than one way.

It's pretty easy to maintain network connectivity once it's set up; the end-user uses it to log in. It's not something that you have to constantly manage and deal with apart from pushing updates. It's pretty much self-managed.

In terms of consistency across workspaces, it works all the time, except for when a forced update is needed.

It helped us remediate threats more quickly. For instance, if someone accesses your credentials or you leave your laptop open and someone gains access when it times out, you still need the Duo code that is sent. A new code is always needed to be able to access that laptop or even that phone. Then, from there you're able to safeguard the information that your company has.

Nowadays, data is the number one commodity, so protecting that at all costs is really important. Duo helps with that with end-users. The thing about end-users is that they are volatile. You can't really control what someone does. So, Duo security helps with managing that by having them implement a new time code that's always sensitive.

Technical support could be improved. I don't think all support should have to go through an agreement.

I've been using this solution for seven years.

It's very stable. There aren't many issues with Duo.

The scalability is just fine. If you scale a certain amount, you have to upgrade and update your license. Outside of that, it's fine.

We are a large organization that deals with a lot of high transactional payments, and we have a large number of users, maybe 100,000 a day, and inbound user traffic.

If you open up a TAC case and they get to you quickly, it's fine. If you have a service agreement that says that they will get back to you within one to two hours, that's fine because you can resolve an issue. Now, if you don't have that agreement and are just a regular user, they take 48 hours to get back to you, and if you and the network team or the security team can't figure out the issue, a lot of money could be lost in two days.

Because there's always room for improvement and because I don't think all support should have to go through an agreement, I would rate technical support at eight on a scale from one to ten.

Positive

Anytime your network is secure and it's not breached or there's no downtime or infiltration of your perimeter, there's always an ROI.

With regard to pricing, for a small business buying a one-off, it's pretty expensive. If it's an enterprise that has thousands of employees, however, it's really nothing to protect your data because if your network goes down or it's breached, you're losing millions of dollars every minute. When it comes to a large enterprise, it's priced where it should be because you're talking business to business. You're not talking business to consumer.

To leaders who want to build more resilience within their organization's security, I would say that you can't go wrong with Cisco products when it comes to security. You can start with Cisco Umbrella, then go down to their firewalls, and then the next-generation firewalls. Then, you can move down to their end-user security endpoints.

The whole lineup through their security portfolio is really strong. If you're spending $50,000 on a suite and a $100,000 total contract value, you can enter a 3.0 Enterprise Agreement. Then from there, you can lock in prices for one, three, to five years. So, when it comes to any enterprise, when you're talking about security, if you use all of Cisco's security features, from end-user out to your data centers, you'll be pretty well off.

If you have security concerns, implement Duo for your end-users.

Overall, I would rate Duo Security an eight on a scale from one to ten.

When our users are connecting to our Cisco VPN, Duo effectively ensures that they are who they say they are by taking a second factor into account, such as the cell phone that was used to create their profile. To do this, it sends them a second mode of authentication, such as a PIN or push confirmation. It also geo-locks who is allowed to actually log into our systems. We have it locked to the continental United States and Puerto Rico, and one outsourcing firm that we work with.

Once you have it set up, all you really have to do is add people to a group in the active directory and send them the instructions on how to do it. If you have a lower technical user base, you may have to walk them through it. But once it's set up, it really is automatic.

Not a single person from our IT staff really needed anything other than the instructions. Of the 15 people in our test group, nobody actually needed instructions on how to use it either — beyond what I just wrote up and sent them.

As we get to the older population in our company, the less technical population, we're probably going to have to walk them through it or hold their hands a little bit.

Within our organization, there are currently 15 employees using this solution. Eventually, we will have all 221 office staff users with it set up. Still, we'll probably top out at about 80 users a day.

We will increase the overall usage as our users increase. So, if we hire another 10 people, then we'll buy another license.

The multi-factor authentication process and the geo-locking features are great. It provides us with statistics about the devices that are used to perform the second authentication factor.

Upon successful connection, it tells us where and what device is being used to perform the second authentication factor. For example, when I log in with it, we'll see that I have my iPhone 11 and that it is located in the area via its IP address.

We had some trouble with the password reset function. When a user's password is expired, you can prompt them using Cisco AnyConnect — a password management feature — to change their password in the same channel during the login process. We had a lot of trouble configuring that. As a result, we now have a second channel that bypasses Duo to allow them to reset their password.

For this, we needed Cisco support, Duo support, and our network administrator all lined up. It should have just been something that they could have just configured, but they weren't able to do it in the same channel. We had to actually create a second channel. When you do this, people will try to log on and it'll tell them that their password is incorrect. They'll realize that their password is expired because it's been 90 days. Afterward, they'll have to then go back to AnyConnect, change the channel that they're logging into, attempt to log in, get the password prompt, disconnect from the AnyConnect, and then reconnect using the Cisco Duo multifactor authentication — this is extremely complicated.

Still, it's really only a problem for a small subset of users. The ones who ignore the notifications 10 days before saying, "Hey, change your password."  So, it's not as big of a deal as it sounds. Just by having a functional way to do it, it makes it so that if nobody's on staff, the user can reset their own password without having to call us in the middle of the night on a Saturday, because that's the best time for those passwords to expire. 

Also, it would be nice if it was easier to modify the splash screen that comes up when entering your username and password.

We actually just configured Duo Security — we're in the process of pushing it out. Currently, we've been using it for the past three to four months.

Scalability is definitely up there. It could easily handle many, many, many more authentications than we are currently or ever would use. It could definitely go far beyond what we are currently using.

The technical support agents are definitely knowledgeable; they give us plenty of recommendations on how to do things. They are very quick to send us white papers describing how to fix things ourselves. 

Although they try to push us toward a self-help model, they do eventually get online with us via a WebEx chat with the Cisco reps and help us out. We've never really had any problems finding somebody from chat support that wouldn't jump on to the WebEx meetings with Cisco premium support.

We didn't have anything covering multifactor authentication. We were using Cisco AnyConnect with the tie-in to the active directory, but we just had the single factor — the username and password. Duo allowed us to greatly enhance our security. Now, not only do users have to know their username and password, but they also have to be able to receive the second-factor authentication in order to get in. The same goes for anyone trying to break in.

The initial setup was complex, but due to the support that we received during the onboarding, it was very simple with the exception of the password reset channel that I mentioned earlier that we tried to use but didn't end up doing. The way we have it set up now is actually how it was configured during the onboarding process. It just would've been nice to have had it functionally work — to have that all in one channel.

Regarding deployment, we have an in-house person, but we still had Cisco Duo onboarding support to assist us with the setup. If you have a CCNA, you'll probably be able to do it yourself, but it's just much easier to do it with onboarding support.

The functional part of the onboarding process only took roughly an hour. Including troubleshooting our channel issue, we spent roughly 16 hours before we just decided to go back to the original build.

Our licensing fee is currently on an annual basis.

There are two levels of support with Duo that we were considering. The first level of support is just the two-factor authentication — it doesn't do anything else. But the second level of support provides us with network access control. This basically allows us to say, "Hey, your iPhone hasn't been updated in 10 years, update your iPhone to continue using this service." Or, "Your Windows device does not have updates." It also provided us with the geolocation feature. We were experiencing a lot of break-in attempts from Moldavia. So, thanks to this feature, we just locked out Moldavia. If nobody in Moldavia can connect to our system, then nobody in Moldova can hack us. 

If you're interested in using this solution, be sure to get the onboarding team to set everything up during the onboarding phase. Set up a proxy server if you can and get them to do everything during the onboarding phase — then you won't have any problems.

Compared to the after-purchase support, the onboarding people are a lot more willing to just take over your computer and set things up for you.

Overall, on a scale from one to ten, I would give this solution a rating of ten — it's the best.