Requiring your users to use a multi-factor authenticator is one way to increase your company’s security posture.
Multi-factor authentication (MFA) increases your security by requiring a second form of verification. This is separate from your password. In addition to what you know (your password), you’ll have to have a piece of information (typically a one-time passcode).
(If you want to learn more about multi-factor authentication, check out our article “3 Ways Cisco Duo Multi-factor Authentication Benefits Remote Users.”)
When it comes to multi-factor authentication, there are many applications to choose from. While we are a Cisco partner, at The KR Group, our employees have used both Cisco Duo Security and Google Authenticator.
In our experience, we’ve found Cisco Duo to have more security features, but Google Authenticator is still a good option for users looking for a basic MFA platform.
Some of the differences we think are worth highlighting are:
- Business use
- Authentication options
If you’re looking for the more secure option for your business, you’ll find Duo Security is better suited to your needs. However, Google Authenticator still has an edge over Duo when it comes to cost.
Google Authenticator costs less
The first difference many prospective users will notice between Cisco Duo and Google Authenticator is the cost.
Google Authenticator is free, and Cisco Duo is only free for up to 10 users.
The free version of Duo is not only limited by user count, but also by its capabilities. It’s the simplest package and doesn’t provide anything besides Duo Push for iOS and Android, options for the second form of authentication, and unlimited integration.
The paid versions offer protection in a variety of areas, including user trust, device trust, adaptive authentication, policy enforcement, secure application access, single sign-on, and support.
Duo Security does offer a free 30-day trial, which gives you a taste of more of its features. If you decide to upgrade to a paid edition at the end of the trial, you’ll pay between $3 and $9 per user per month depending on which tier you choose.
While cybersecurity is worth investing in, if you are on a budget, Cisco Duo’s cost may be a barrier. Opting for free Google Authenticator is better than no form of multi-factor authentication.
However, Cisco Duo has more value than Google Authenticator, which we’ll point out in the following sections.
Cisco Duo is designed for businesses
When it comes to enterprise-grade MFA, Cisco Duo performs better than Google Authenticator in a couple of ways.
First, it integrates with more applications, a small subset of which include other Cisco applications (such as Umbrella and AnyConnect), to provide comprehensive security from multiple angles. The number of integrations Cisco Duo has with a variety of vendors makes it a great option for businesses looking for additional login security for their cloud or on-premises applications.
It also provides a level of endpoint protection not offered by Google Authenticator. The Duo Platform Edition provides analytics to help you monitor the security of your users’ devices and flags out-of-date software they may be running.
Cisco Duo offers more security
In a world where technology is always advancing and hackers are quick to catch up, updates are imperative to increasing security.
Updates address new security needs, fix bugs, and add features customers may be requesting.
Not only is Duo newer than Authenticator, but it’s also been updated more frequently as well.
On Android, Google Authenticator had its first update in April 2020 after more than two years without one. Meanwhile Duo Mobile has had regular updates, including the most recent one in March 2020.
Duo’s proactive approach to security is evident because it has yet to be exploited. While Google Authenticator is still generally considered a reliable option for MFA, there have been a couple of types of attacks that bypassed its preventative measures.
Duo and Authenticator have options for authentication
Whether you’re using Duo or Authenticator, using a passcode from the mobile application as the second form of authentication is the most common method. However, both applications have a variety of ways for you to verify your account.
1. Text message or phone call from Duo or Authenticator
If you don’t have internet access or a smartphone but are trying to log on to an MFA-protected application, you can opt to receive a text message or phone call from Duo or Authenticator. These text messages give you a one-time passcode.
Once you receive this code, you enter it the same way you would with a one-time code from the mobile application.
2. Accept-or-deny request from Duo
Cisco Duo offers the simplest form of multi-factor authentication with an accept-or-deny request (Duo Push). Instead of having to remember a passcode, you simply select whether or not the login occurred from you.
This feature is especially useful if you want to use Cisco Duo with a smartwatch.
3. U2F authentication through a USB device with Duo or Authenticator
Both Duo and Authenticator can be used with USB devices, such as YubiKey by Yubico, to verify logins without using a smartphone.
Your users plug in the physical USB device to the device the need to authenticate. Then, they tap the device to securely log into their accounts.
Duo also offers a token device that presents a time-based, one-time password (TOTP).
4. Fingerprint verification with Duo’s Web Authentication API
Another simple form of multi-factor authentication, Cisco Duo’s WebAuthn integrates with devices’ existing biometric technology (such as fingerprint identification).
Instead of a code or key, your fingerprint will verify your identity and allow you to log in to the account you’re trying to access.
Which MFA platform is right for you?
If you’re a business looking for the more secure option, Cisco Duo is the better option. Compared to Google Authenticator, it is designed for business use, offers better security, and has more options for the second form of authentication.
However, the main advantage Google Authenticator has over Duo is it is always free. If you have budgetary constraints but still want to use multi-factor authentication, Google Authenticator may be more accessible for your business. It still has multiple options for the form of authentication and provides security, even if it isn’t as stringent as Duo.
If you want to try Duo Security before you commit to a paid subscription, you can sign up for a free trial on their website.