We are real-life hackers who break stuff, send phones to space, and know how people are trying to compromise you and your data. Ask Duo Labs anything!

Hi reddit!

We are:

Duo Labs is the advanced research team at Duo Security. Duo is a cloud-based trusted access provider protecting the world’s largest and fastest-growing companies from account takeover and data breaches.

The Duo Labs team brings wild, unthinkable ideas to life using the boundless magic of software and the internet. Duo Labs provides the deep security knowledge and innovation necessary to protect our customers, but we also have a larger mission of protecting the broader public by identifying and fixing vulnerabilities in large-scale Internet systems.

At any given time, we might be building prototypes of new features or products such as mobile app support for NFC-based U2F, building internal tools for convenience or security, or crunching numbers to support our product, engineering, and marketing teams. Occasionally, we break things; we’re still quite proud of bypassing PayPal’s 2FA a couple years back. Since then, we’ve expanded our team substantially.

Here are some things we’ve done, researched, and written about recently:

From time to time we tweet, you can check out our repos on github, watch us on youtube, see what we’re having for lunch on instagram, and come talk with us in the new Duo Community at any time.

Proof: cool proof tweet!

Edit 1 (noon, eastern): More proof

Edit 2 (3 p.m., eastern): We are so blown away by all of your amazing questions and responses. Please stop staring in our window, Doug. We're going to keep going for another hour to try to get to as many questions as possible.

Edit 3 (4 p.m., eastern): Thank you everyone so much for your poems and questions and exceptionally leet hax. We are going to start winding down here, but will try to keep answering a few questions.

Interested in talking more? Please come check out our new Duo Community. Post threads! Post comments! Ask us ... well ... anything.

Looking for a job at our pretty sweet company? Seems like lots of you are! Check out https://duo.com/about/careers.

Want to learn amazing things? Check out our Tech Talk series. The next talk is on lawful hacking.

Thanks again! We love you! Yes, even you, Doug.

Bonus edit: This thumbnail

Comments: 2910 • Responses: 11  • Date: 

alligator_council481 karma

Can you hack my facebook account?

Duo_Labs1025 karma

Adding to our research roadmap as we speak.

DylanBoss277 karma

What is a popular misconception about hacking that you'd like to address?

loveless_duo726 karma

That it is sexy and fun and happens in seconds, like on TV and movies. Most of the time it involves spending hours and days staring at a screen, and is mind-numbingly boring as you look for needles in haystacks comprised entirely of other needles that look exactly like the needle you are looking for.

Duo_Labs276 karma

Pretty much all of CSI: Cyber. http://replygif.net/i/347.gif

tokepocalypse47 karma

When you're on public WiFi do you have access to all the data going through? Is it illegal to compromise/fiddle with the WiFi network?

Duo_Labs52 karma

We actually did a quick video on this: https://www.youtube.com/watch?v=Kn8wA6iPbkg

zoso142138 karma

Are you hiring?

Duo_Labs40 karma

Duo's always hiring: https://duo.com/about/careers#jobs There are a few appsec roles open now

Nomaddening18 karma

How do you feel about self-driving cars? Are you worried about people's ability to hack them?

Duo_Labs40 karma

Actually, Chris Valasek and Charlie Miller who did the Jeep hacking are buddies of ours. We may have gotten them drunk in Vegas and filmed this little gem: https://www.youtube.com/watch?v=6v9gGII0IHI

TheChompingofAFetus12 karma

Can you please tell my college to get rid of 2 Factor for my homework sites? I understand the concern for the sites with financial info but I don't know any criminals trying to get their hands on my homework.

Duo_Labs20 karma

No.

hazpat6 karma

How long has Duo bean around?

Duo_Labs11 karma

Duo first got started back in 2009 when our founders, Dug Song and Jon (Jono) Oberheide decided 2FA was pretty lame and needed a facelift. Duo Push was born and the rest is history.

Fun fact: Dug met Jono when Jono was trying to break into Dug's network at a previous company. He decided he probably wanted to "work with that kid" and they spun up Duo in Ann Arbor's Tech Brewery.

Hemobewbin2 karma

Do you guys do internships? Also, how do you feel about vulnerability databases in the public eye? Obviously it allows for legitimate businesses to better protect against them, but when I used to hack I would target, check the databases for exploits based on the services they were running, and would get in easily. What do you think we could do to prevent this misuse of information?

Duo_Labs1 karma

Yup, this summer we'll be looking for interns again, for sure. We convinced our current intern to quit to grad school and come work for us full-time. Pssshhhhh, academia.