User authentication via telephone call 6-digit authentication code

avs1 · ‎10-04-2016

Is it possible to configure user authentication via telephone call to use 6 digit number instead of just single number?
Duo admins are authenticated via telephone call with 6 digit number. I guess different voice authentication service used for admins.

mkorovesisduo · ‎10-04-2016

Hey avs, right now you cannot require that users enter a six-digit code to auth via phone call. I’d recommend you file that as a feature request with your CSM.

However, in Settings in the Duo Admin Panel you can input which keys you’d like to use for authenticate and fraud (for example, you can make it so that “1” is authenticate and “9” reports fraud). Reference: https://duo.com/docs/administration-settings#phone-call-settings

avs1 · ‎10-04-2016

So for text messaging authentication the code generated is 6-digit, but not for a phone call authentication.
Essentially phone call authentication is weaker then text message authentication, as phone call only requires single digit to login and it is always “5” required… no variation at all.

gleezy1 · ‎10-14-2016

You can always disable authentication methods that aren’t to your liking. With Platform you can do this at the group or application level. Many security focused orgs disallow telephony altogether, at least for their most sensitive applications.

Cheers

avs1 · ‎10-21-2016

I’m aware of this. Just wanted to see if Duo could step up 2nd factor authentication for phone calls.