Cisco's Duo Security suffers major authentication outage

Cisco-owned access management firm Duo Security has been unable to give customers access to their own IT systems due to an outage that began on Monday morning. The incident began around 0934 EDT and is still limiting some clients' ability to login to their respective services using Duo multi-factor authentication about three …

  1. Anonymous Coward

    Ouch

    What else is there?

  2. Claptrap314 Silver badge

    And yet...

    it seems that every new client or partner wants me to use SSO.

    Seriously?

    1. Vince

      Re: And yet...

      The inability to realistically self-host your 2FA/MFA is a pain for this very reason. It adds yet another dependency to the chain of getting anything done.

      1. october.jerry

        Re: And yet...

        Check out FortiAuthenticator. Very affordable, very robust, very easy to implement. LDAPS, RADIUS, SAML, OAuth, etc. all supported. Push confirm for Android/iOS/smartwatches too. Both VM and hardware appliance options, with distributed HA possible too. Many such implementations.

  3. Kapsalon

    Where are the juicy details from the engineers

    The update from Cisco is really helpful:

    "Updated to add at 2345 UTC

    In a statement to The Register, a Cisco spokesperson told us, "Cisco’s top priority is the satisfaction and support of our customers."

    This is 100% marketing BS, apparently it is OK to provide no actual info.

    On top of that the issue "auto-resolved"

    In what world are we living? Is this text AI generated? Or was the issue fixed by an AI? Or generated?

    1. Anonymous Coward

      "Cisco’s top priority is the satisfaction and support of our customers."

      Yeah, call Cisco TAC and tell them your UCS hosted call manager flamed out and you need to transfer the VM to another host. If you can get that done in less than four days their priorities have changed and that might have a grain of truth to it. In reality, their software, despite running in a VM, attempts to tie itself to the underlying hardware as part of some truly incompetent DRM. As a result, to transfer hosts, you have to call Cisco sales and wait a couple of days for them to create a new license file for you, then rebuild the host VM from scratch and hope it does not crap the bed when you try to restore the config, or you eat rebuilding it from scratch.

      All because the genius level management assumed you would only always schedule a phone system migration weeks in advance, and not due to a mundane hardware failure.

      (Also, because f those clowns, one of the "secret" things their DRM does is tie your licence to the MAC of the underlying hardware interface. Yes that means any mundane hardware replacement will potentially eight ball your phone system, but who cares as long as Cisco gets paid right? You can save yourself some pain if you note the MAC they used and clone it to the interface on the new setup. Just watch yourself if you clone a VM or do a restore of the VM image, as your virtualization software will probably issue new addresses for the copy and may get angry if you try to create duplicates.)

  4. Ball boy Silver badge

    "Cisco’s top priority is the satisfaction and support of our customers."

    No, it isn't: its top priority is to be profitable because if it fails at that then the company folds - and if that happens then, by definition, you won't have customers. Just ex-customers.

    /pedant

    1. Norman Nescio

      According to Cisco's Articles of Incorporation, the top priority (Article II, the purpose of the corporation) is:

      The purpose of this corporation is to engage in any lawful act or activity for which a corporation may be organized under the General Corporation Law of California other than the banking business, the trust company business or the practice of a profession permitted to be incorporated by the California Corporations Code.

      Corporations do not need to be profitable. Many are not, especially in the startup phases (e.g. Uber), and they might never progress beyond the startup phase. There is no legal requirement for corporations to have any expectation of longevity.

      /very_pedantic

  5. Anonymous Coward

    Yet another buggy web-based authentication interface.

    Seems like the vast majority of security bugs are in the http* interface thingy.

  6. Anonymous Coward

    And another outage last night

    Apparently their services inaccurately claimed Android devices were tampered with:

    All Deployments: Some Android Devices Erroneously being flagged as Tampered during Auth

    New incident: Identified

    We have identified an issue that is causing some users on Android devices to be incorrectly flagged as Tampered during the authentication process, and are working on implementing a solution as soon as possible. As a workaround, you can use a Policy to create an exception for users that are confirmed to not be running Tampered devices.

    Time posted

    Aug 23, 14:08 EDT

  7. Anonymous Coward

    what is Cisco making this service ?

    I mean, there is the excellent MS auth already, and I don't another necessity to install yet another one similar !

    But no, Meraki doesn't support MS auth, unlike the whole rest of the world ...

    1. october.jerry

      Re: what is Cisco making this service ?

      Just leave Cisco entirely at this point. No point in staying anymore.
