User authentication via telephone call 6-digit authentication code


#1

Is it possible to configure user authentication via telephone call to use 6 digit number instead of just single number?
Duo admins are authenticated via telephone call with 6 digit number. I guess different voice authentication service used for admins.


#2

Hey avs, right now you cannot require that users enter a six-digit code to auth via phone call. I’d recommend you file that as a feature request with your CSM.

However, in Settings in the Duo Admin Panel you can input which keys you’d like to use for authenticate and fraud (for example, you can make it so that “1” is authenticate and “9” reports fraud). Reference: https://duo.com/docs/administration-settings#phone-call-settings


#3

So for text messaging authentication the code generated is 6-digit, but not for a phone call authentication.
Essentially phone call authentication is weaker then text message authentication, as phone call only requires single digit to login and it is always “5” required… no variation at all.


#4

You can always disable authentication methods that aren’t to your liking. With Platform you can do this at the group or application level. Many security focused orgs disallow telephony altogether, at least for their most sensitive applications.

Cheers


#5

I’m aware of this. Just wanted to see if Duo could step up 2nd factor authentication for phone calls.