Case Study: Facebook secures developers and scales frictionless two-factor access to 10,000+ users with Duo Security

Facebook - Customer Case Study

Facebook needed to protect personal data for over a billion users while keeping up with a fast-paced developer culture that generates tens of thousands of SSH sessions daily. Traditional two-factor options (time-based tokens, smart cards, SMS OTPs) were error-prone, limited in device support, and created significant support overhead, so the security team sought a stronger, low-friction authentication method that fit seamlessly into developers’ workflows.

Facebook adopted Duo Security’s cloud-based two-factor solution (Duo Mobile with push, SMS, voice and hardware token support) and paired it with Yubico’s YubiKey Nano for simple USB tap authentication. The lightweight, easy-to-deploy system expanded organically from 300 to more than 10,000 users across Linux, VPN, Windows, Splunk and OWA, replacing RSA tokens and delivering strong security with minimal administrative and user friction.

Facebook

John “Four” Flynn

Information Security Manager