Duo Security Room for Improvement
More automation and device insights would be helpful in achieving a seamless single pane of glass. Having the additional capability to streamline processes would also make things better.
Sales engineer manager at a wholesaler/distributor with 1,001-5,000 employees
There could be improvements made to the dashboards and more integration with the rest of the Cisco ecosystem. Duo was clearly purchased, and Cisco has a lot of other panels for their Firepower products, et cetera. They need to continue bringing it, Umbrella, and the endpoint pieces even more together and make the integration a little more seamless among all of them.View full review »
The reporting feature is somewhat limited. All that you get is the list of times that the user connected. Given that it's only a secondary authentication, it may not be possible to enhance the reporting.
We have had instances where Duo Security stops working on a user's device, which we have fixed by uninstalling and then reinstalling it.View full review »
We had some trouble with the password reset function. When a user's password is expired, you can prompt them using Cisco AnyConnect — a password management feature — to change their password in the same channel during the login process. We had a lot of trouble configuring that. As a result, we now have a second channel that bypasses Duo to allow them to reset their password.
For this, we needed Cisco support, Duo support, and our network administrator all lined up. It should have just been something that they could have just configured, but they weren't able to do it in the same channel. We had to actually create a second channel. When you do this, people will try to log on and it'll tell them that their password is incorrect. They'll realize that their password is expired because it's been 90 days. Afterward, they'll have to then go back to AnyConnect, change the channel that they're logging into, attempt to log in, get the password prompt, disconnect from the AnyConnect, and then reconnect using the Cisco Duo multifactor authentication — this is extremely complicated.
Still, it's really only a problem for a small subset of users. The ones who ignore the notifications 10 days before saying, "Hey, change your password." So, it's not as big of a deal as it sounds. Just by having a functional way to do it, it makes it so that if nobody's on staff, the user can reset their own password without having to call us in the middle of the night on a Saturday, because that's the best time for those passwords to expire.
Also, it would be nice if it was easier to modify the splash screen that comes up when entering your username and password.View full review »
We found it difficult to integrate it into our broader product family of Microsoft tools and other applications used across our organization. So, we have pulled back from this solution a little bit. It was easier to use Microsoft MFA, which integrated with everything and still did the two-factor authentication that we needed.
There is nothing wrong with the product, as far as its functionality. It was just the breadth of support. It got harder and harder to integrate.
For what it does, it is fantastic. Once we started hitting Microsoft Office stacks, we then began to find its limitations.
It is not so good for securing access to our application and network. We found it harder to integrate, particularly with the Office stack, which is our primary application stack. We did get it working with a few other cloud applications that we were working with as part of our single sign-on story. However, it certainly wasn't easy to integrate in-house.
It created another step for users who don't know about the benefits, as far as the corporate benefits. I wouldn't consider having another app on their phones and having another thing to deal with a positive for our user community.View full review »
Network Engineer at a tech services company with 11-50 employees
Technical support could be improved. I don't think all support should have to go through an agreement.View full review »
I would like to see some features simplified, such as securing, configuring, and implementing Microsoft Remote Desktop. Other than that, the solution was rock solid throughout my time administering it.View full review »
They could just continue to add more integrations.View full review »
MSP Director at a tech services company with 11-50 employees
One area that might be improved is that setting up SMS texting is not as easy as using the app, even though it does support it.
Also, a faster management user interface would help. It tends to lag a little bit.View full review »
Integration with a product such as Microsoft Sentinel would be great. As the product continually improves, I'm unsure if this feature is available.
It could be a little bit more intuitive when it comes to the sign-up process. I know they send out an email, but sometimes our users get a little confused. It could be an end-user problem, but Cisco could work on that a little.View full review »
I wouldn't mind seeing some options for remembering a device for a short period of time or a specific login, particularly for administrative engineering staff, as we may be logging in to four or five different services. We're having to use it a lot. I understand it, it's just part of it. That's not specific to Duo. That's two-factor authentication in general.View full review »
Senior Aerospace Engineer at a manufacturing company with 10,001+ employees
End-users find it more annoying than anything else. It's tough to manage user perception of the service, especially when there isn't feature parity between Mac and Windows users. There are some challenges in making that user experience the same between platforms and helping users feel the least amount of burden possible while helping to ensure the organization's security.
Network connectivity depends on where users are located. Internally, on-premises, it's not hard keeping connectivity, but we have users who move throughout the world, and their levels of connectivity change. It can be a challenge, if someone is in Bahrain, to authenticate via Duo.View full review »
Head of IT and Security at a consultancy with 11-50 employees
The only time I really had some negative feedback for them was about the UI of their mobile app, but they improved it in the last version. There was no way to (re)name 3rd party OTP accounts so it got confusing when multiple ones were existing. In addition, each account took a lot of space on the screen, they condensed it in the new version to make it easier for people that have a lot of accounts added. Duo has a beta program and actively solicits and listens to feedback which personally I think is great.
It is good on the functionality side, but their pricing model is a little bit weird. Currently, there is no price advantage in signing up for yearly contracts. If you are on a monthly term or a yearly contract, you basically pay the same price, and that is very unusual. Normally, there is a discount when someone signs up for the 12-month system.View full review »
It is not easy to maintain network connectivity.
Duo Security should have more customized use cases. For example, if a client needs to have more customization, it would be better to connect directly with Duo's R&D to try to discuss the issues together in order to add customizations.View full review »
Sometimes, it's a little harder for customers to adopt.
Also, when it comes to the single pane of glass for management, there are some mixed reviews and opinions that say there could be some other options. But those are very unique cases.
The majority of my customers are really good with just the two-factor authentication and don't really take advantage of a lot of the extra bells and whistles that it has. Getting them to adopt more of those features, versus asking for anything new, would probably be where my first step would be.View full review »
The biggest challenge is integrating it into all our end user utilities. We use it for other networks, not just our personal network. So, the challenge is just integrating it across the board.
There is not much improvement as far as the front-facing part of it. For the back-end, there could be a few more security features applied. Obviously, as they grow, it will get better.View full review »
Duo has some issues that we're trying to work through. For example, if I install it on a WordPress site and another admin needs to log in, they can't because Duo hasn't been set up for them. It doesn't appear that I can add permissions on a user-by-user basis. It's not obvious.
I would also like to see password-free login. There used to be a password-free product where you used your phone and looked at the screen. I can't remember what it's called now, but it was great. It used blue wavy lines that constantly changed, so nobody could ever screen capture and use them to log in. That was by far the best solution.
Duo bought them out and did away with them. They probably saw it as a threat because it was a better solution. And a couple of companies have tried to mimic that, but they have never come close. If Duo were to go back to something like that, I would be ecstatic. Passwords are supposed to be a thing of the past.View full review »
We have a 24 hour timer for our Duo cookie and we would like to reduce this to a shorter time when using Duo. We use Duo together with GlobalProtect and I am not sure which solution would be responsible for this improvement.View full review »
Duo Security could improve by being more compatible with other vendors.View full review »
Its documentation must be in French because we are a French-speaking country. They should also provide more training documentation.
Its management interface should also be improved. They should also improve its update period. If I compare its update period with other products such as Palo Alto firewalls, this solution is really slow in updates.View full review »
I haven't experienced any issues with Duo Security, but I'm only on the front end, I don't see the back end. I don't know what the IT guys are struggling with. From the front end, it's very fast and it hasn't missed a beat, so to say. As soon as I log in, within a second, I receive a message on my mobile, and as soon as I hit okay, that is within a second, then it's already passed on to the database where I need to be. It's lightning-fast, I've never experienced anything like it in the past.View full review »