Duo Security Outage History

Duo Security experienced a degradation in SSO authentication due to password reset failures for Duo SSO logins using Active Directory as the authentication source. This affected password resets and sign-ins for Duo SSO users relying on AD, with a broad set of SSO components listed as degraded.

The incident began at 11:25 PM UTC and was resolved by 1:05 AM UTC, lasting about 1 hour 40 minutes. Duo Security published two status updates during the incident, indicating investigation and eventual restoration.

The incident affected Duo Security SSO logins that use Active Directory as the authentication source, causing intermittent delays for users signing in to SSO-enabled apps. A broad set of Duo SSO components were impacted, resulting in slower authentication across affected services. The outage began at 12:31 PM UTC and Duo initiated an investigation. The provider issued 2 status updates during the incident and authentication was restored by 1:50 PM UTC, with the outage lasting approximately 1 hour 19 minutes.

Duo Security experienced degraded performance in its Phone Call Delivery service across deployments in India, disrupting voice-based 2FA calls for several hours. The outage began at 3:01 PM UTC and lasted approximately 5 hours and 34 minutes, with resolution by 8:35 PM UTC. The incident impacted dozens of Phone Call Delivery components across multiple deployments in India. The Duo status page posted two updates during the incident: the first noting degradation in India VOIP services, and the second confirming that the issue had been resolved and services were returning to normal.

Duo Security reported intermittent SMS passcode delivery failures in the US region, impacting logins to Duo-enabled services that rely on SMS codes. The outage began when the status page transitioned to a warn state at 2:21 PM UTC and affected dozens of SMS delivery components across the platform. Users attempting to sign in with SMS passcodes could be blocked; Duo advised using alternative methods such as Duo Push, Mobile Passcodes, or Hardware Tokens while the issue was investigated.

The provider issued two status updates during the incident. The issue was resolved about 3:10 PM UTC when the status page returned to normal, indicating all SMS delivery components were restored. The outage lasted roughly 49 minutes and primarily affected US region users relying on SMS for authentication.

A regional outage affected Duo Security's phone call authentication in India, impacting dozens of DUO Phone Call Delivery endpoints and causing intermittent login issues. Users attempting to log in via phone call verification may have experienced interruptions. The issue began at 1:55 PM UTC and lasted about 20 minutes, with a resolution by 2:15 PM UTC. Duo advised using alternate authentication methods such as Duo Push, mobile passcodes, and hardware tokens during the incident. The provider issued 2 status updates as the investigation progressed, and the disruption appeared regional to India.

Duo Security reported intermittent failures in its US region affecting Phone Call Delivery for authentication. Users attempting to sign in with phone call verification may have experienced login issues during the incident. Alternate authentication methods such as Duo Push, mobile passcodes, and hardware tokens were advised as workarounds. The outage began at Mar 31, 2025 3:51 PM UTC and was resolved by Mar 31, 2025 4:21 PM UTC, lasting about 30 minutes and impacting multiple Phone Call Delivery components in the US region. The provider issued 2 status updates during the incident.

A brief login expiration issue prevented access for a subset of Duo Security users. The outage began at 2:48 AM UTC and was resolved by 3:00 AM UTC, lasting about 12 minutes. Reports from multiple U.S. locations, including Seattle, Chicago, Phoenix, Muskego, and North Pole, described login expiration messages or authentication failures. StatusGator detected the issue at Mar 9, 2025 2:48 AM UTC. Duo Security did not publish official status updates during the event.

At 3:21 PM UTC, Duo reported Admin Panel login issues impacting deployments across all Admin Panel components. Admins attempting to sign in to the Duo Admin Panel faced login failures, limiting access to administration features across deployments. The incident was characterized as an investigation into degraded Admin Panel login capability, with a broad set of Admin Panel components listed as affected. The incident lasted about 54 minutes and was resolved by 4:15 PM UTC when the Admin Panel returned to normal. Duo issued two status updates during the event to communicate the investigation and the eventual restoration.

Duo Security suffered a widespread disruption affecting Admin Panel logins and SMS/Phone Call MFA delivery across all deployments, with Core Authentication Service and related components like the Device Management Portal and Risk-based Authentication impacted. Users experienced difficulty logging in and receiving one-time codes or calls. StatusGator detected the issue at Feb 13, 2025 6:18 PM UTC, about 27 minutes before the first official Duo update at Feb 13, 2025 6:45 PM UTC. Duo issued 9 status updates during the incident as engineers worked to deploy a fix. The outage persisted for several hours, with Admin Panel access gradually restored first and SMS/Phone delivery returning across deployments over time; by Feb 14, 2025 1:45 AM UTC most core services and admin access were restored, with Telephony services and the Device Management Portal recovery progressing in subsequent updates. Reports came from multiple regions worldwide, indicating a global impact.

Duo Security reported a brief authentication issue affecting a subset of Duo SSO customers not using Passwordless. The incident began at 3:45 PM UTC with 13 Duo SSO components degraded, causing sign-in failures for affected users for about 10 minutes. The incident was identified and a fix is being implemented.

The provider issued two status updates during the incident detailing the impact and the ongoing remediation, with all components restored by 3:55 PM UTC.