Passwordless and MFA push-based safety apps have gotten the norm in enterprises. We examine the options and prices of two of the largest gamers on this area, Duo and Microsoft Authenticator, and pit them head-to-head.
The enterprise world has seen elevated safety protocols since do business from home has elevated over the previous few years. One of many ways in which safety protocols may be ensured is by requiring two-factor authentication (2FA, also referred to as MFA or multi-factor authentication). By requiring a username, password and safety immediate by supplying a 2FA rolling code or push notification, safe techniques can make sure that a consumer’s system is with them when authenticating.
SEE: Password breach: Why popular culture and passwords don’t combine (free PDF) (TechRepublic)
There are a number of apps that may flip present iOS and Android gadgets right into a 2FA, however two apps have risen to the highest of our radar throughout the previous few years, particularly in relation to authenticating through push notifications (through API callbacks for customized and supported purposes): Microsoft Authenticator and Duo. We’ll delve into Microsoft Authenticator and Duo and discover out which multifactor authentication software program can present the very best bang for the buck in relation to options, pricing and usefulness.
An outline of Microsoft Authenticator and Duo
Microsoft Authenticator is a 2FA/MFA software that helps two-factor authentication through push notifications and the power to register your personal 2FA accounts in the identical app. Microsoft Authenticator can mechanically configure your system for multi-factor authentication by signing into an account that’s managed by a company. Microsoft Authenticator can tie into present Microsoft subscriptions and Lively Listing accounts to mechanically shield accounts which might be administered through an AD configuration. One of many largest benefits that Microsoft has is the power to bundle its service with all Microsoft 365 and Azure Lively Listing subscriptions without cost, which is usually a discount in case your group already subscribes.
Duo is an 2FA/MFA app that contains a self-enrollment function that permits staff in organizations to enroll their private or work gadgets. The appliance doesn’t assist software-based one-time passwords (like Microsoft Authenticator and Google Authenticator) do, which implies that it will probably solely interface with software program that helps Duo Push for authentication. Duo employs many different software program and hardware-based options similar to the power to geofence authentication requests, and extra.
Duo vs. Microsoft Authenticator: Options comparability
Most enterprise organizations seeking to Duo or Microsoft Authenticator will care primarily about integrations with present software program or customized software program and server purposes that may interface with these apps to assist MFA requests. Duo helps limitless software integrations by its platform on all editions obtainable. Microsoft Authenticator permits for integration with Microsoft providers and Azure Lively Listing providers, however falls again to time-based one-time password (TOTP) integration that can be utilized with any compliant MFA app (Google Authenticator, Microsoft Authenticator and others) so as to add a software-based 2FA code and generate a six-digit, one-time password to authenticate for customized software integrations.
SEE: Prime 5 issues to learn about multi-factor authentication (TechRepublic)
The most important delineation right here: Microsoft Authenticator will combine properly with its personal providers, however you’ll have to fallback to the built-in TOTP function for any customized providers your group maintains. Then again, Duo Cell doesn’t combine with customized TOTP implementations and might want to combine with the built-in supported providers, or you have to to combine with their API for any customized providers you keep as a company.
Microsoft Authenticator and Duo each assist push notification-based authentication. Utilizing this methodology, when a consumer indicators right into a service that helps one among these apps, the consumer will obtain an authentication request push notification. Tapping this notification, then acknowledging, will full an API callback to the service that’s trying an indication in to finish the sign up, all with no need to kind in any code.
Duo helps myriad monitoring choices for security-minded organizations. These embrace the preemptive options like the power to implement safety insurance policies per software, authentication solely on licensed networks, totally different insurance policies for BYOD cell vs. corporate-owned gadgets, and the power to watch and establish dangerous gadgets or dangerous authentication makes an attempt.
Microsoft Authenticator, alternatively, affords seemingly little to no built-in menace detection or many security measures until the group and gadgets are enrolled with Microsoft Intune (the cell system administration bundle provided by Microsoft).
One of many largest benefits to purposes like Microsoft Authenticator and Duo Cell is the power to log into providers with out supplying a username and password. Any such login is named passwordless login. Each Duo Mobile and Microsoft Authenticator assist this function; nonetheless, the Microsoft answer solely works with supported providers. Duo’s passwordless function is accessible in a preview for apps and providers that assist Duo SSO (single sign-on) and supported third-party SSO. This function will not be obtainable within the Duo Free plan, nonetheless, and solely paid customers get entry to it.
Duo vs. Microsoft Authenticator: Integrations
Constructed-in integrations for Microsoft Authenticator are as follows:
- Microsoft Azure Lively Listing purposes
- Microsoft 365 accounts
- Any software or service that makes use of conventional TOTP 2FA integration may also be added into the appliance and used to signal into these accounts manually.
Duo Cell helps an ever-growing record of providers that may work with it, which is required as conventional TOTP 2FA will not be obtainable with Duo and it as a substitute depends on API communication with these integrations:
- Akamai Enterprise Utility Entry
- Appsian Safety Platform
- Array AG SSL VPN
- Aruba ClearPass
- Atlassian Confluence
- Atlassian Jira
- Barracuda SSL VPN
- CAS (Central Authentication Service)
- Cisco ASA SSL VPN
- Citrix Gateway (Netscaler)
- Duo System Administration Portal (DMP)
- Duo Entry Gateway (DAG)
- Duo Community Gateway (DNG)
- F5 BIG-IP APM
- IBM Resilient
- Juniper SSL VPN
- Microsoft AD FS
- Microsoft Azure Conditional Entry
- Microsoft Outlook Internet App (OWA)
- Microsoft RD Internet
- OPAQ 360
- Oracle Entry Supervisor
- Palo Alto SSO
- Ping Federate
- Pulse Safe SSL VPN
- SonicWall SRA SSL VPN
- Splunk Admin Login
The most important profit to Duo Cell, nonetheless, is that integrations are infinitely expandable. Even customized purposes may be built-in with Duo Cell by its SSO or push API.
Duo vs. Microsoft Authenticator: Pricing and availability
Microsoft Authenticator (free; bundled)
Microsoft Authenticator pricing follows an easy mannequin of being free and bundled with all Microsoft Azure Lively Listing and 365 Enterprise accounts. For a full record of costs and options, visit this guide to determine if Microsoft Authenticator is bundled with your organization’s existing licenses.
Duo Cell (free; paid tier beginning at $3/consumer/month)
Duo Cell follows a tiered system based mostly on options and providers you’d like added into the appliance. A free tier permits for as much as 10 customers, then strikes into Duo MFA ($3/consumer/month; helpful should you solely want to add MFA assist), Duo Entry ($6/consumer/month; helpful if you would like monitoring and system belief assist), and ends up with Duo Past ($9/consumer/month; provides gateway and inner providers integrations). There’s a detailed chart explaining the various features bundled with the tiers on the Duo Mobile website.
Each Duo Mobile and Microsoft Authenticator are supported on Android and iOS platforms. Push notifications obtained by each may also be configured to be actionable by the top consumer to approve sign-ins with no need to open the appliance so long as they’ve authenticated on the lock display of their system or an unlocked Apple Watch or different supported smartwatch.
SEE: Why 2-factor authentication isn’t foolproof (TechRepublic)
Duo vs. Microsoft Authenticator: Which one do you have to select?
In case your group is reliant on Microsoft Azure Lively Listing or Microsoft 365 merchandise and solely these merchandise, then you have already got the Microsoft Authenticator without cost. This answer is a no brainer for a lot of organizations who wouldn’t need to require one other subscription for all staff, plus one other software and enrollment course of.
Our choose for greatest contender on this area nonetheless is Duo as a result of it offers a extra strong answer, permitting customized software integration in addition to integration with fashionable purposes and providers like Slack, Atlassian, Dropbox and extra. Duo does have a value related to it; nonetheless we discover that the fee is comparatively low for a product that permits for therefore many configuration choices. Duo additionally helps a number of providers and is rolling out passwordless authentication, which might make sure that customers don’t have to recollect their passwords. When customers are required to recollect them, they typically create passwords which might be too easy.