Supporting landline and cell phone

tesker · 2019-02-07 16:16:35 UTC

I would like to offer users the option of doing DUO 2FA when logging into our Keeper password manager with a landline phone as a backup to their cell phone.

If I set the landline as phone1, the DUO dialog that pops up offers only “Voice Call” and if you click Login without clicking “Voice Call” you see three options - “Duo Push”, “Text Message” and “Voice Call.”

This is perfect but I would like to have the second set of options presented first, and click “Login” without choosing a 2FA option and be presented with the “Voice Call” only button for the landline. Except doing it the second way doesn’t work. I understand that’s probably controlled by Keeper, and if so I’d like to know if there is some other way to get a backup landline call?

On the Keeper password prompt I tried entering ,phone2 but it says my password is incorrect.

Is there some other way to use the landline number without having it presented as the primary choice?

DuoKristina · 2019-02-07 19:19:14 UTC

Keeper is a Duo technical partner who used our API to add two-factor to their application. I suggest you contact Keeper with a feature request for them to enhance their Duo integration UI by letting the user pick which factor to use from all enrolled factors.

Thycotic is another Duo partner who used our API to add 2FA. Their Duo MFA UI lets users pick which device to use if they have more than one. You could send this to Keeper as an example.

https://thycotic.force.com/support/s/article/Configuring-Duo-for-Two-Factor step 6 “Log in as the test user. If there are multiple devices you will be prompted to select one.”

Thycotic Duo UI:

tesker · 2019-02-07 19:23:13 UTC

Thanks I will suggest it to them. So is there any alternate way to do 2FA via landline? Such as ,phone2 - which does not work when entered in the Keeper password field.

DuoKristina · 2019-02-08 15:19:46 UTC

Not if Keeper didn’t include support for factor names submitted in that "Passcode’ field, and it sounds like they did not since you tried it already.

Actually, did you try just the factor name phone2 without the leading comma? The comma is typically only necessary when the user is appending their factor selection to the end of their password. At this point in the Keeper login process, you have already submitted the password, so you are not appending the factor to anything.

tesker · 2019-02-08 16:32:36 UTC

Thanks. Tried that but it fails.

DuoKristina · 2019-02-08 19:16:41 UTC

I’m sorry to hear that. I also passed this thread to our partner contacts at Keeper as an enhancement suggestion.