How do the DUO push-button method and other methods actually work?

Google Authenticator uses the HOTP and TOTP algorithms for TFA.
What is the basic working principle of DUO push? What brings security to DUO push?


Solution 1

For push, Duo uses HOTP. It also supports TOTP when available.

What brings security to DUO push?

Quoted from the Duo website:

Duo Push, authentication requests approved in the Duo Mobile app, provides an extremely secure and user-friendly mobile authentication experience.

Duo Push is an out-of-band authentication mechanism over a mutually-authenticated secure transport and is resilient against even the most sophisticated credential-stealing attacks. Duo Push authentication requests are signed with an asymmetric key pair to ensure end-to-end integrity. Transaction details are displayed to the user for verification, and any discrepancies or unexpected authentication requests can be flagged with the tap of a button.

While operating over a TLS transport to protect confidentiality, the integrity of Duo Push transactions does not fully rely on TLS. Instead, an asymmetric signature scheme provides message-level authenticity and integrity on top of the transport channel. Therefore, even in the face of implementation-or-protocol-level attacks against TLS, Duo Push remains uncompromised and transaction approvals cannot be forged.

During Duo Mobile account activation, an asymmetric key pair is generated, which acts as the primary identifying credential for the user when responding to Duo Push requests. The private key is stored securely on the mobile device while the public key is maintained in Duo’s cloud service.

Source: https://duo.com/product/trusted-users/two-factor-authentication/authentication-methods
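To make the quoted description concrete, here is a small model of the enrol / push / approve / verify exchange as an added example. It is not Duo's code or wire format: the Duo text only says "an asymmetric key pair", so Ed25519 is an assumption, the `PushRequest` fields (a random single-use ID, the user, the source IP shown on the phone) are a constructed stand-in for the "transaction details displayed to the user", and every type and function name is made up for the illustration. What it does show is the property the quote claims: the service keeps only the public key, the phone signs exactly what it displayed, and a replayed, edited or otherwise-signed approval is rejected even if an attacker can read or write the transport.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// PushRequest is what the phone is asked to approve; the fields are a constructed illustration, not Duo's wire format.
type PushRequest struct {
	ID       string `json:"id"`        // random and single-use
	User     string `json:"user"`
	SourceIP string `json:"source_ip"` // displayed to the user so an unexpected login stands out
}

// Approval is the phone's reply: the request exactly as displayed plus a signature over it.
type Approval struct {
	Request   PushRequest
	Signature []byte
}

// Server holds only public keys and outstanding requests: nothing stored here can produce a valid approval.
type Server struct {
	pubKeys map[string]ed25519.PublicKey // user -> enrolled device's public key
	pending map[string]PushRequest       // request ID -> issued request
}

// Enroll models Duo Mobile activation: the device generates the key pair and hands over only the public half.
func (s *Server) Enroll(user string) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	s.pubKeys[user] = pub
	return priv, nil // the private key stays on the phone
}

// canonical gives both sides identical bytes to sign and verify; fixed struct field order makes JSON deterministic here.
func canonical(r PushRequest) []byte {
	b, _ := json.Marshal(r) // a struct of strings cannot fail to marshal
	return b
}

// SendPush issues a single-use request; in a real deployment it reaches the phone over the mutually authenticated TLS channel.
func (s *Server) SendPush(user, ip string) (PushRequest, error) {
	if _, ok := s.pubKeys[user]; !ok {
		return PushRequest{}, errors.New("user has no enrolled device")
	}
	var id [16]byte
	rand.Read(id[:]) // crypto/rand.Read never returns an error on supported platforms
	r := PushRequest{ID: fmt.Sprintf("%x", id[:]), User: user, SourceIP: ip}
	s.pending[r.ID] = r
	return r, nil
}

// Approve is the user tapping "Approve": the app signs exactly the details it displayed.
func Approve(devicePriv ed25519.PrivateKey, r PushRequest) Approval {
	return Approval{Request: r, Signature: ed25519.Sign(devicePriv, canonical(r))}
}

// Verify accepts an approval only if it matches an outstanding request field for field and is signed
// by that user's enrolled device, then retires the request so the same approval cannot be replayed.
func (s *Server) Verify(a Approval) error {
	issued, ok := s.pending[a.Request.ID]
	if !ok {
		return errors.New("unknown or already-used request ID")
	}
	if issued != a.Request {
		return errors.New("approved details differ from the issued request")
	}
	if !ed25519.Verify(s.pubKeys[issued.User], canonical(issued), a.Signature) {
		return errors.New("signature was not made by the enrolled device")
	}
	delete(s.pending, issued.ID)
	return nil
}

// Demo runs one genuine approval and three attacks: replaying it, editing its details after signing,
// and signing with a key that is not the enrolled device's. Only genuine should be nil.
func Demo() (genuine, replay, tampered, forged error) {
	s := &Server{pubKeys: map[string]ed25519.PublicKey{}, pending: map[string]PushRequest{}}
	dev, _ := s.Enroll("alice")
	req, _ := s.SendPush("alice", "203.0.113.7")
	ok := Approve(dev, req)
	genuine = s.Verify(ok)
	replay = s.Verify(ok) // the same approval presented a second time
	req2, _ := s.SendPush("alice", "203.0.113.7")
	ok2 := Approve(dev, req2)
	ok2.Request.SourceIP = "198.51.100.9" // attacker rewrites the details after signing
	tampered = s.Verify(ok2)
	req3, _ := s.SendPush("alice", "198.51.100.9")
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader) // attacker knows the public key but has no enrolled private key
	forged = s.Verify(Approval{Request: req3, Signature: ed25519.Sign(otherPriv, canonical(req3))})
	return
}

func main() {
	fmt.Println(Demo()) // <nil> followed by three error messages
}
```

The contrast with a HOTP or TOTP seed is the point of the model: with a shared seed, whoever holds the server's copy (or dumps its database) can compute valid codes, whereas the public key the server stores here cannot produce an approval, and a signature is tied to one request ID and one set of displayed details, so it cannot be reused for a different login. The model leaves out the parts the quote attributes to the app and the transport, namely the user's decision to tap Deny when the displayed details look wrong and the mutual TLS channel itself, and it does not address a user who approves a push they did not initiate.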


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
