What needs improvement with Duo Security?

The price of Cisco Duo could be better.

The product price needs improvement.

I am interested in adding auto-admin services and incorporating icons for easier navigation. This could contribute to a new business idea platform. I have seen the features, and they make things easier, resolving issues from before. The platform has been updated, and there's now another link in my platform for media access. When it comes to improvements, the UI can be more user-friendly, and there is room for easier navigation. There could be enhancements in customization. I haven't had issues with storage or backup, but I am open to improvements in customization functionality. It's not my environment, but I see possibilities for improvement in the deployment of funds.

Password management is difficult for us, especially for users. We would like to go passwordless. If we can go passwordless then you don't have a password manager. I am looking at other security features with Duo right now. We're currently looking at the passwordless options. We're looking at VPN displacement options. We're looking at those things right now. We haven't adopted yet.

The only thing I can think of to improve for tech support is to have a dedicated engineer but then I would get an engineer that has priorities in one area or another and maybe not the scope I need. I like the fact that when I open a ticket, I'm not getting the same caller calling back. I like the variety of support that Cisco offers. Opening a technical assistant's request is a little challenging at times. I wish that the Cisco website could understand who I am from the chart and just let me in rather than forcing me to pick out my contract number, my address, or something like that. They should make it streamlined, make it simple.

From an administrative standpoint, I'd love to see it be a little better at remembering a device and location so that I don't have to continually authenticate. That's pretty much it.

I'd like to see it integrated into other applications. I know there are some integrations, but I haven't been able to explore that any further.

For upgrades, there should be a better notification of when they're coming out. We always have a testing phase, so we need to be ahead of it. It takes us longer before we can upgrade to the newest version.

I have a few suggestions for improving Duo Security. One major aspect would be the ability to gather contextual data. This means being able to determine the location where someone is authenticating from and whether it aligns with their regular location patterns. While two-factor authentication with mobile devices provides a high level of security, it's still not foolproof, as someone could potentially steal your phone. It would be beneficial to have information about the authentication location. If a partner could obtain that data, we could implement it, or if we had our own application, we could incorporate this feature. Additionally, having the ability to customize aspects of the API or the app's appearance would be useful. For example, if you're using Duo for both VPN access and authentication, you might want a different user interface for each scenario. This way, you can easily identify if someone is impersonating you at the door or accessing your computer. These are some suggestions to enhance the functionality of Duo Security.

There is always room for improvement. Duo Security is a great product in its current state. However, Cisco can further enhance the integrations, as they possess exceptional integrations with various providers' products and feature sets. They should continue to improve and expand these integrations to include more products. The more integrations they offer, the more advantageous it becomes for us as a Cisco partner to promote and sell their product.

The technical engineers in the first line of support should improve their knowledge. We often have to bounce all the cases to different levels.

Duo Security should better organize its tile feature to organize applications better.

We use Yubikey for pushing it to the phones. Yubikeys can get expensive because people tend to lose those for some reason. Fifty dollars a device is pretty high.

When you come to the push in Duo Security, there are some integrations where you have to use the code instead of the push functionality. Sometimes, you have to go and push from the app, go to Duo Security, and then go back over after you've accepted the push. It would be good if a seamless web comes down, you press the button at the top, and it goes away while you're still in the app.

Integration between Duo Security and FTDs needs improvement. Integrating Next Generation Firewall safety with Duo Security currently requires a proxy agent between Active Directory and the appliance. It's an additional factor that we need to think about. It would be great to have direct integration with FTD so that we don't have to worry about middleware products. For the rest of the Cisco Secure solutions, the APIs need improvement. Duo Security needs to improve the delivery of text messages to the users. This has been a big pain point for us over the years. Though we understand that the local telecoms are the ones responsible for the final delivery of the message, there should be a way to improve the process. Some users don't use the application and rely on SMS messages. It is a problem at times because the messages are not delivered.

Duo Security could be improved with the addition of more applications. Duo Security has not helped free up our IT department's time.

They could just continue to add more integrations.

We found it difficult to integrate it into our broader product family of Microsoft tools and other applications used across our organization. So, we have pulled back from this solution a little bit. It was easier to use Microsoft MFA, which integrated with everything and still did the two-factor authentication that we needed. There is nothing wrong with the product, as far as its functionality. It was just the breadth of support. It got harder and harder to integrate. For what it does, it is fantastic. Once we started hitting Microsoft Office stacks, we then began to find its limitations. It is not so good for securing access to our application and network. We found it harder to integrate, particularly with the Office stack, which is our primary application stack. We did get it working with a few other cloud applications that we were working with as part of our single sign-on story. However, it certainly wasn't easy to integrate in-house. It created another step for users who don't know about the benefits, as far as the corporate benefits. I wouldn't consider having another app on their phones and having another thing to deal with a positive for our user community.

I wouldn't mind seeing some options for remembering a device for a short period of time or a specific login, particularly for administrative engineering staff, as we may be logging in to four or five different services. We're having to use it a lot. I understand it, it's just part of it. That's not specific to Duo. That's two-factor authentication in general.

More automation and device insights would be helpful in achieving a seamless single pane of glass. Having the additional capability to streamline processes would also make things better.

End-users find it more annoying than anything else. It's tough to manage user perception of the service, especially when there isn't feature parity between Mac and Windows users. There are some challenges in making that user experience the same between platforms and helping users feel the least amount of burden possible while helping to ensure the organization's security. Network connectivity depends on where users are located. Internally, on-premises, it's not hard keeping connectivity, but we have users who move throughout the world, and their levels of connectivity change. It can be a challenge, if someone is in Bahrain, to authenticate via Duo.

It could be a little bit more intuitive when it comes to the sign-up process. I know they send out an email, but sometimes our users get a little confused. It could be an end-user problem, but Cisco could work on that a little.

Duo has some issues that we're trying to work through. For example, if I install it on a WordPress site and another admin needs to log in, they can't because Duo hasn't been set up for them. It doesn't appear that I can add permissions on a user-by-user basis. It's not obvious. I would also like to see password-free login. There used to be a password-free product where you used your phone and looked at the screen. I can't remember what it's called now, but it was great. It used blue wavy lines that constantly changed, so nobody could ever screen capture and use them to log in. That was by far the best solution. Duo bought them out and did away with them. They probably saw it as a threat because it was a better solution. And a couple of companies have tried to mimic that, but they have never come close. If Duo were to go back to something like that, I would be ecstatic. Passwords are supposed to be a thing of the past.

Duo Security could improve by being more compatible with other vendors.

We had some trouble with the password reset function. When a user's password is expired, you can prompt them using Cisco AnyConnect — a password management feature — to change their password in the same channel during the login process. We had a lot of trouble configuring that. As a result, we now have a second channel that bypasses Duo to allow them to reset their password. For this, we needed Cisco support, Duo support, and our network administrator all lined up. It should have just been something that they could have just configured, but they weren't able to do it in the same channel. We had to actually create a second channel. When you do this, people will try to log on and it'll tell them that their password is incorrect. They'll realize that their password is expired because it's been 90 days. Afterward, they'll have to then go back to AnyConnect, change the channel that they're logging into, attempt to log in, get the password prompt, disconnect from the AnyConnect, and then reconnect using the Cisco Duo multifactor authentication — this is extremely complicated. Still, it's really only a problem for a small subset of users. The ones who ignore the notifications 10 days before saying, "Hey, change your password." So, it's not as big of a deal as it sounds. Just by having a functional way to do it, it makes it so that if nobody's on staff, the user can reset their own password without having to call us in the middle of the night on a Saturday, because that's the best time for those passwords to expire. Also, it would be nice if it was easier to modify the splash screen that comes up when entering your username and password.

The only time I really had some negative feedback for them was about the UI of their mobile app, but they improved it in the last version. There was no way to (re)name 3rd party OTP accounts so it got confusing when multiple ones were existing. In addition, each account took a lot of space on the screen, they condensed it in the new version to make it easier for people that have a lot of accounts added. Duo has a beta program and actively solicits and listens to feedback which personally I think is great. It is good on the functionality side, but their pricing model is a little bit weird. Currently, there is no price advantage in signing up for yearly contracts. If you are on a monthly term or a yearly contract, you basically pay the same price, and that is very unusual. Normally, there is a discount when someone signs up for the 12-month system.

Its documentation must be in French because we are a French-speaking country. They should also provide more training documentation. Its management interface should also be improved. They should also improve its update period. If I compare its update period with other products such as Palo Alto firewalls, this solution is really slow in updates.

I haven't experienced any issues with Duo Security, but I'm only on the front end, I don't see the back end. I don't know what the IT guys are struggling with. From the front end, it's very fast and it hasn't missed a beat, so to say. As soon as I log in, within a second, I receive a message on my mobile, and as soon as I hit okay, that is within a second, then it's already passed on to the database where I need to be. It's lightning-fast, I've never experienced anything like it in the past.

I think that the dashboard needs to be improved. Duo Security is a cloud-based product. Most of the security technicians in India that we work with want a security product in-house for their main data center security solution. Because it is possible to integrate Duo Security with cloud-based services, it is good for use with various customers and hybrid architecture. Other features are good, but the only thing is because of compliance, certain customers can not use it as a solution. This is due to compliance with regulations for lots of customers like banks and financial sectors who can not go with cloud products.

Improving coverage of different solutions and on-premise residents would make a difference. It would help if you could deploy on-premises, and not only with the cloud. Connection with an active directory requires something on-premises and for that, you need to have some kind of client or proxy, or something on-prem but keeping the idea of the users for GDPR and not sending them to the cloud to do it, makes sense. Removing the need for a password would be a positive change as well as the ability to cover all the different enterprise applications. They don't have coverage for everything.

Reducing or eliminating the "telephony credits" system used by Duo would be great. I recognize that they are meant to provide transparency around the cost of using what is supposed to be a limited-use feature set, but I would just rather have the ability to use unlimited telephony and roll that cost into the annual subscription.