Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //


09:30 AM
Dark Reading
Dark Reading
Products and Releases

Duo Security Introduces API Edition of Its Two-Factor Authentication Service

Enables Developers to Quickly Add Strong Authentication to Web and Mobile Apps

ANN ARBOR, MICH. – October 14, 2014 - Duo Security, the innovative leader in two-factor authentication, announces a new product edition for cloud and mobile software providers to protect user account access. Duo API Edition (duosecurity.com/api) enables developers to add two-factor authentication to their applications quickly and easily. Duo Security automatically handles of all of the operational aspects of authentication, such as key management and provisioning, alerting and reporting, self-service device management, and global scalability.

“We’re making Duo’s two-factor authentication available to a larger audience with our API Edition,” says Duo Security CEO Dug Song. “API Edition enables developers to prevent user account takeover by adding strong authentication to web and mobile applications with as few as ten lines of code.”

Duo Security’s API Edition leverages the full range of Duo Security’s authentication capabilities to stop intruders from gaining unauthorized access to systems using stolen credentials. With the continual rise of phishing attacks[1], two-factor authentication adoption is increasing for good reason -- it’s a simple step to keep sensitive data secure.

Duo API Edition is currently protecting enterprise, consumer banking, online gaming, and financial software for customers including Egnyte, Computer Services, Inc., Gamesys, OTC Markets, and Dell SecureWorks (NASDAQ: DELL).

“Two-factor authentication was critical for our enterprise customers,” says Rajesh Ram, co-founder and VP Products & Customer Advocacy of Egnyte. “After evaluating buy vs. build, we reviewed several providers in the market. Duo offered the leading edge technology combined with lower cost of ownership. Using Duo, we were able to roll this out in record time.”

Alongside the API Edition, Duo Security also introduces its Mobile Software Development Kit (SDK) for iOS and Android, which offers a simple solution for mobile app providers to embed in-app authentication capabilities.

API Edition starts at $3 per user per year with a minimum of 10,000 users. Volume discounts are available. Visit duosecurity.com/api for more information.

About Duo Security

Duo Security provides cloud-based two-factor authentication to more than 5,000 organizations worldwide, including Facebook, Etsy, Random House, Paramount Pictures, Box, Toyota, Yelp, and Threadless. In as little as fifteen minutes, Duo Security’s innovative and easy-to-use technology can be deployed to protect users, data, and applications from breaches, credential theft and account takeover. Try it for free at duosecurity.com.

[1] APWG Global Phishing Survey 2H2013 

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
10/15/2014 | 3:37:20 AM
1+1 is not necessarily larger than 1 in the real world
2 is larger than 1 on paper, but two weak boys in the real world may well be far weaker than a toughened guy.  Physical tokens and phones are easily lost, stolen and abused. Then the password would be the last resort.  It should be strongly emphasized that a truly reliable 2-factor solution requires the use of the most reliable password.  

At the root of the password problem is the cognitive phenomena called "interference of memory", by which we cannot firmly remember more than 5 text passwords on average.  What worries us is not the password, but the textual password.  The textual memory is only a small part of what we remember.  We could think of making use of the larger part of our memory that is less subject to interference of memory.  More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/1/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Well I dont run on MacOS, so I need to take extra precautions"
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-06-02
Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
PUBLISHED: 2020-06-02
Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
PUBLISHED: 2020-06-02
Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
PUBLISHED: 2020-06-02
The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS).
PUBLISHED: 2020-06-02
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL t...