Skip navigation
Product & Engineering

Announcing Duo’s Vision to Streamline Authentication & Enhance User Experience

I love where I work, and between that and my general lack of fashion sense, I wear Duo t-shirts all the time. This means that, on a somewhat regular basis, I get unsolicited feedback from Duo users in grocery store check-out aisles, coffee shops, and on the sidewalk. Some of it is positive, but the general consensus is that people don’t love multi-factor authentication (MFA); they see it as a necessary evil at best. They will often ask some version of “How can I Duo less often?”

During the workday, on the other hand, I spend a lot of time talking to systems administrators, security operations analysts, and IT professionals who do love MFA. They’ve seen it drive down incidents and help desk tickets, reduce their risks, and make compliance programs a lot easier. They often share goals of expanding the MFA coverage in their environment and improving their policies to further prevent initial access and lateral movement.

Here at Duo, we’ve long been proponents of the idea that security and end user experience go hand in hand, and we work hard to develop the technologies that make that happen. That’s why I’m so excited to announce our vision to streamline Duo’s authentication workflows, a feature that will deliver seamless, secure login experiences.

We are building on our existing Device Health Application to extend remembered devices functionality between all of the areas that your end users see Duo in a given day: When they access their endpoint via Windows Logon, when they connect to your network via VPN, when they access resources via applications using embedded browsers, and when they access web applications across different browsers, including the Duo SSO service. Simply put: We want end users to just authenticate once, when they start their day, and then forget that Duo is even there.


We’ve seen a lot of customers feeling pressure to compromise the security posture they’d like to have for the sake of the end user experience they need to have. Duo helps you deliver on both of these goals by reducing the friction associated with granular access policies, which we have seen help mitigate initial access, lateral movement, and persistence techniques in historic customer incidents.

Duo is building this capability from the ground up to integrate with the rest of the functionality that our customers find so helpful: Trusted Endpoints (now available in all Duo editions!), Passwordless Authentication, Risk-Based Authentication, and Policy & Control.

"We want end users to just authenticate once, when they start their day, and then forget that Duo is even there."

With enhanced authentication experience, your end users can login once with a convenient, secure passwordless authentication to their work device and then move on with their day. Compare this to climbing the hill of Windows Logon, VPN logon, and web application logon - all with username, password, and Duo prompt - just to get to work in the morning. And with the enhanced authentication experience, you get to enforce granular policy - so if that’s the experience you want for most of your users, but you want your privileged administrative accounts to complete an authentication each time they access a sensitive resource, you can now do that! All of this is continually evaluated by Duo’s trust engine and analytics.

This capability is in active development right now, and we intend to deliver incremental feature updates through early availability programs as we work to a full release. Sign up to get updates regarding the product development. If you are a current customer and would like to participate and provide feedback on this feature, please reach out to your sales representative.