Brief legacy authentication prompt issues
Incident Report for Duo
Postmortem

Between the times of 22:00 UTC on 17 February 2016 and 00:11 UTC on 18 February 2016, eleven customers who had previously opted out of our new Authentication Prompt encountered an issue preventing their users from completing web-based authentications. Customers using the updated web authentication experience were unaffected.

Users logging into applications which do not call the Duo Authentication Prompt (i.e. non web-based applications such Duo Unix, Windows Logon, etc.) were unaffected by this issue. For a full list of all applications that utilize our Authentication Prompt, please check our Knowledge Base.

The root cause of the issue was the result of a code change to the authentication experience. The code change, while tested extensively against the latest iteration of our Authentication Prompt, was not as thoroughly tested against the older user login experience.

Duo’s Engineering team has implemented a fix which has restored the logon behavior for the older Authentication Prompt, and will continue to improve its code-release processes. As a reminder, we will be deprecating and removing the old Authentication Prompt logon experience on 08 March 2016.

Posted Feb 17, 2016 - 21:43 EST

Resolved
Between 22:00 and 00:11 UTC, a portion of users experienced intermittent issues with web-based authentications. This only affected accounts that were opted-out of our new Authentication Prompt User Interface that was rolled out in early December. The issue has been resolved and root-cause analysis will be provided shortly.
Posted Feb 17, 2016 - 20:34 EST
This incident affected: DUO2 (Core Authentication Service, Admin Panel, Push Delivery, Phone Call Delivery, SMS Message Delivery), DUO3 (Core Authentication Service, Admin Panel, Push Delivery, Phone Call Delivery, SMS Message Delivery), DUO4 (Core Authentication Service, Admin Panel, Push Delivery, Phone Call Delivery, SMS Message Delivery), DUO16 (Core Authentication Service, Admin Panel, Push Delivery, Phone Call Delivery, SMS Message Delivery), DUO20 (Core Authentication Service, Admin Panel, Push Delivery, Phone Call Delivery, SMS Message Delivery), DUO23 (Core Authentication Service, Admin Panel, Push Delivery, Phone Call Delivery, SMS Message Delivery), DUO24 (Core Authentication Service, Admin Panel, Push Delivery, Phone Call Delivery, SMS Message Delivery), and DUO32 (Core Authentication Service, Admin Panel, Push Delivery, Phone Call Delivery, SMS Message Delivery).