6 comments

[ 3.1 ms ] story [ 18.0 ms ] thread
The secure configuration means when Duo is down, you can't login, unless you have some out of band login method that's not protected by Duo. That is a pretty big commitment to Duo's uptime, and it makes sense that it's not the default.
Have Duo had big outages? I don't think it's reasonable to expect end users to be unaffected in those situations, especially if it implies this sort of insecurity in normal situations... If the default were to fail closed, then Duo customers could choose to fail open instead, but it would be a conscious, aware choice.
I recall they've had a few. They don't have very many listed on their status page, which to their credit, has a long archive. And the ones reported were generally only about 10 minutes. On the other hand, it sucks to wait 10 minutes to be able to login to fix something that broke on your own servers.

And, one day, they may suddenly go out of business, as can happen. In my team, we discussed this option, and intentionally picked fail safe (open), and would have regardless of the default.

> Have Duo had big outages?

I imagine a more relevant question for most is could Duo have a big outage.

As the article points out, in a directed attack it just has to be an outage which affects the target server: e.g. compromise a firewall, lan DNS, or managed switch in front of the server and "block" duo.