2-factor authentication services

Updated: April 13, 2019

2018. Cisco is buying 2-factor authentication provider Duo Security

Cisco is to buy security firm Duo Security for $2.35 billion. The acquisition feels like a good fit for Cisco. Duo’s security apparatus lets employees use their own device for adaptive authentication. Instead of issuing key fobs with security codes, Duo’s solution works securely with any device. And within Cisco’s environment, the technology should feel like a natural fit for CTOs looking for secure two-factor authentication. Over the last few years, Cisco has made several key acquisitions: OpenDNS, Sourcefire, Cloudlock, and now Duo.

2017. Okta makes 2-factor authentication standard for all customers

Cloud identity provider Okta announced that it’s making 2FA the standard for all its customers. Research suggests that a large number of breaches are related to stolen or weak passwords. Okta recognizes that, so it’s implementing 2FA as a standard, presenting every user with a one-time passcode to add another layer of protection that will be harder for hackers to surface. What’s more, the company also sees the password reuse problem so it’s adding a compromised password detection tool, which can find commonly-used passwords from large, publicly-known data breaches and warn users if they are using them. It’s certainly a big step forward, and while 2FA isn’t a panacea,  it’s still better than just a username and password because it’s adding that additional layer of protection.

2015. Authy makes 2-factor authentication as painless as possible

Authy, the two-factor authentication startup, unveiled its newest product - OneTouch authentication service that makes two-factor authentication about as painless as possible. Instead of having to enter a code that’s generated on your phone into a web form, OneTouch simply sends a push notification to your phone, asks you to confirm that you want to sign in to the site that sent the notification and you’re in. That’s about as frictionless as two-factor authentication gets. The idea here is that by entering the code into the website, you basically prove that you have access to the phone, too, so you could just as well take this to the next level and use the phone to authenticate yourself.

2015. Twilio acquires 2-factor authentication service Authy

Communications API provider Twilio has acquired Authy, a service that offers two-factor authentication to end users and enterprises. Authy is a natural fit for Twilio, that over the past few years powered components of the authentication and verification experience for brands like Intuit, Box and GitHub. Integrating Authy’s service with Twilio will give users a better self-service and policy-management experience, as well as features like mobile phone-based TOTP [time-based one-time passwords]. A number of Twilio customers, after all, have already built their own two-factor authentication services that use Twilio’s SMS and voice services. They will soon be able to do away with those (after a bit of engineering work, I would imagine) and choose Authy as a product option on Twilio.com.

2010. OneLogin - Single sign-on for SaaS apps

Thanks to SaaS technology, a large number of business applications have appeared. Now companies can use multiple applications from different vendors (not just from Microsoft). But along with the wide variety of applications the problems of their integration and a single sign-on have come. Various platforms, marketplaces and SaaS associations are intended to solve these problems: Force.com, Intuit Partner Program, Google Apps Marketplace. OneLogin also tries to solve the single sign-on problem in simple and ingenious way. It is the centrally-administered username / password database + browser plugin, which makes working with a large number of SaaS applications very convenient. It works like this. The user presses the button on the browser toolbar, and the page with list of all used applications is opened. Then he clicks on the needed application and logs in without entering login / password. IT administrators can control all authentication data and sync it with Active Directory (or other directory via LDAP). It's also possible to limit allowed IP-addresses that can access apps. Of course, the level of security is dramatically increased. In addition, OneLogin - is not just form-filler. It supports different authentication technologies, including OpenID, SAML, 2-factor authentication. But you can't use it with any application application - only with those that OpenLogin has official  integration. Although this list - is pretty long.