by lobster_johnson 3308 days ago
The enterprise version of Duo apparently works by having the mobile app wake up to ask you for confirmation for the login -- similar to how Apple's Touch ID automatically opens to confirm things like Apple Pay if you initiate from the desktop -- rather than making the user open the app, select the account and generate a number.

I don't know what protocol is used, and I've never tried it, because it's not part of the single-user Duo Mobile app.

But this always struck me as a much more user-friendly way of doing 2FA than the Google Authenticator style that generates numbers that you then have to manually enter.

3 comments

Yeah, I'm an everyday user of the enterprise Duo app. It is as good as a third-party app can be (on iOS specifically), yet you have to do extra steps as compared to Touch ID alone: force-press the notification, click Accept, then confirm with Touch ID. The first steps out of two are just a limitation of how apps work in iOS. If your phone is in sleep mode, you will miss the notification as well. Such things really need to be implemented at the OS level.

But apart from the arguably good iOS app UI, it takes the whole IT department to enable Duo 2FA and educate employees on how to enable and use it on their personal accounts, and that's what I don't like about Duo and other solutions. Also, this is just a second step of the two-factor auth, which means the first step (usually plain old username/password auth) is still there.

In my ideal world, I'd prefer something that worked out of the box (with a very easy bootstrapping process). I believe SecureLogin, as a concept, has potential here, and if implemented right, might lead to some standardization and implementation of more transparent 1FA/2FA flows.

Blizzard 2FA doesn't even come up. Having it installed is good enough for automatic detection if on the same device, if I remember correctly. If on different devices, you have to press accept or deny, comparing a unique code on the app vs. on the app where you want to log in. Much easier than copying the code.

Google has this option in the Google iOS app (and presumably the Android one).

Interactive Brokers have had something like this for a couple of years.