Skip navigation
A Truly Universal Prompt: Accessibility for All
Product & Engineering

A Truly Universal Prompt: Accessibility for All

At Duo we like to make the right thing to do, the easy thing to do. Duo recently announced that we’re simplifying our multi-factor authentication experience by building our new Universal Prompt.

The goal of the project is to both make the authentication prompt more secure and reduce user experience friction. When it comes to reducing friction, one of the fundamental pillars of this project is to provide a better authentication experience for everyone, including the many Duo users with disabilities.

We know that not everyone uses technology in the same way, but it’s important that our users with disabilities are able to access their accounts easily without compromising security. That’s why we’re committed to providing a high quality authentication experience regardless of how you use a computer.

Whether you need text magnified, use software to read websites to you, or only use a keyboard, we have strived to make authentication easier for all people. No workarounds should ever be needed to quickly authenticate.

Duo’s Core Value of Democratizing Security

Duo values access for all. One of our core values is to democratize security.

In the words of our founder, Dug Song, we can democratize security “by making it easy and effective -- something the industry has never really cared about.”

We care. So we have made some exciting changes to make it easy for administrators to set up Duo in all scenarios and deploy in hours. We made it easy for all users with different access needs to self-enroll, saving countless hours

Web Content Accessibility Guidelines (WCAG)

To make sure that we’re meeting the goals we have set, Duo is committing to meeting the Web Content Accessibility Guidelines (WCAG) 2.1 standards at the AA level. WCAG is a collaboratively created set of guidelines from contributors across the globe.

Duo chose the WCAG 2.1 AA standard to ensure that we are complying with the latest recommendations and to help our customers meet their compliance requirements. We are also watching these standards as they get updated so that we’re ready to support our customers' requirements as they evolve.

We’ve Set the Bar, Now Let’s Surpass It

The WCAG standard provides recommendations to help ensure applications are accessible, but with the Universal Prompt we want to be more than just accessible for users with disabilities. We want to give them a great, easy, secure experience. To accomplish this, Duo works with our customers to hear their individual needs and we test new features and products with users with disabilities.

From the first design concepts, we thought about how things would work for our users with disabilities. Some of the aspects that we focused on include providing easy to see text and interactable elements, making clean and intuitive layouts and honoring users’ accessibility preferences.

A screen grab showing Default, Hover, Focus and Click Area options.
Early design documentation enumerating possible designs that differentiate between default, hover, and focus states.
A screen grab showing the current focus state on Other Options to Log In.
The focus state design as it exists in the Universal Prompt today.
A screen grab showing an example of the current hover state, next to Other Options to Log In.
The hover state design as it exists in the Universal Prompt today.

Color Contrast

The current Duo Prompt includes buttons and elements with insufficient color contrast which could make discerning text from the background difficult. The new Universal prompt is an opportunity for us to introduce a color scheme where all text is comfortable to read for people with low vision and color blindness. In addition, we ensured that clickable elements like buttons and links have dark borders or underlines so they are clearly separated from plain text.

On the left: Buttons from the previous version of the prompt with insufficient color contrast that say “Call Me” and “Enter a Passcode.” 

A screen grab showing an example of bad color contrast.

On the right: A button from the new Universal Prompt with sufficient color contrast that says “Call Phone.”

A button with improved color contrast.

Reducing Primary Actions Per Page

The Universal Prompt employs a design principle of keeping primary actions reduced to one per page.

In the current version of the Duo Prompt, a user can see options for sending a Push notification, making a phone call, or entering a passcode all on one page. After selecting a method a message pops up at the bottom of the screen to tell you what the prompt is doing.

A screen grab of the Duo on-screen prompt.
An image of the default screen for the current Duo Prompt. Note that it includes four links, a device selection dropdown, three buttons to initiate two-factor authentication, and one checkbox for remembering this authentication.

In the Universal Prompt, we show one authentication method per screen, with full screen messages relating directly to that authentication, instead of small popups. This will improve the ability of screen readers to announce messages correctly and make it easier for any user to see the text most relevant to what they are doing.

A Duo prompt to Verify Your Identity: Check your phone for a Duo Push.
An image of the default screen for the Universal Prompt. Note that the push request has already been sent and it includes two links -- one to view other login options and another if you need help.

Honoring Accessibility Settings

The redesigned prompt includes animations to visually communicate status changes and progress, but we know that some users can find animations distracting. We’re detecting user settings such as preferences to reduce motion and turning off those animations when requested. In addition, the prompt was built in such a way that users can greatly increase their text sizes without any compromise to the user experience.

On the left: A photo of the default Duo Push screen for the Universal Prompt. 

A screen grab with Verify your identity: Check your phone for a Duo Push message displaying.

On the right: A photo of the Duo Push screen for the Universal Prompt when reduced motion is enabled on system settings.

A screen grab with a message to Verify your identity: Check your phone for a Duo Push.


Rethinking Previous Design Decisions

By redesigning the elements of the current Duo Prompt that are difficult for our users with disabilities to use, we are surpassing the standards set by WCAG. Rather than making existing problematic elements merely usable, we are providing a new simplified design altogether.

A screen grab of the Duo Prompt with Pushed a login request to your device showing.
An image of the current Duo Prompt with a “toast message” at the bottom of the screen. These toast messages have been removed from the Universal Prompt completely.

Summary

Duo recognizes the various needs that businesses and users have when it comes to accessibility. With the Universal Prompt we are helping businesses meet those needs while also designing user interfaces that work great for people with and without a wide range of disabilities. The Universal Prompt project embodies our mission of democratizing security and we are confident that users with disabilities will find the new authentication prompt both easy and pleasant to use.

While we continue working on this project, we’re performing accessibility audits, testing with screen readers, and getting feedback from folks with all types of abilities. When we make an accessible product, we are able to accommodate everyone.

What’s Next?

We’ve got a lot more to tell you about the Universal Prompt Project, so look for regular blog updates as we delve into more detail on each component of this project.

As we get closer to making these changes generally available, we will provide guidance on planning your migration to the Universal Prompt, including:

  • Communications templates for your organization and end-users

  • Updated documentation and Duo Knowledge Base articles

  • Tools in the Duo Admin Panel to track your progress


Ease of Use. Compliance. Lower TCO. Read why state and local agencies choose Duo's MFA. Get the Guide: Customer Chronicles.

Try Duo For Free

With our free 30-day trial and see how easy it is to get started with Duo and secure your workforce, from anywhere and on any device.