05 Apr Securing Apps using DUO 2 Factor Authentication Service
Securing Apps using DUO 2 Factor Authentication Service
How we used Duo to help a client make its apps more secure.
MyWorkDrive
CloudStorage
2016
Javascript, Duo
Overview
Myworkdrive, an enterprise cloud file sharing service, was looking for a two-factor authentication platform implemented within their custom code that included Web, Native Windows, and Android and IOS mobile applications.
The Challenge
Because the solution had to work with a variety of client types, we needed centralized Rest API where each interface could connect to authenticate to DUO.
Conceptual Development
We evaluated a number of solutions on the market, such as Twilio, Authy, and Duo, and after an evaluation and proof of concept stage settled on Duo.
Our Approach
While Duo does provide a number of useful libraries for web-based applications, we had to design our own Rest API to support mobile and native Windows applications. The first step in the process was to create the rest web service API. Once this was completed and tested, we moved on to creating the authentication UI mechanism for both both the Windows and Mobile Applications.
Prototyping and Iteration
Once our APIs were completed, we updated the mobile applications to implement them. . Then we tested each function of the Duo two-factor authentication on iOS and Android devices, including two-factor authentication responses by phone call, SMS, and Duo app push. During this process, all bugs were fixed, and we were able to confirm functionality for each client and push out the solution.
After completion, we increased the security of the application by giving a second layer of authentication during the login process. By using Duo, we able to present this feature in a convenient user interface.
The Result
I because of the SharePOint implementation, the client is able to take advantage of a standardized way of working with documents and information, So that users can focus more on doing their jobs and worry less about version control.After the new system went live,we provided technical and nontechnical support to the client’s IT department during the stabilization phase.