Duo's Security Blog

MARCH 30, 2021

What’s Coming I’m excited to share that Cisco is announcing Duo’s passwordless authentication. Duo passwordless authentication will be available for public preview beginning summer 2021. The FIDO Alliance’s FIDO2 specification, built upon the Web Authentication (WebAuthn) standard, laid the foundation for passwordless authentication.

Authentication 97

Authentication Passwords Internet Internet 97

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That is true two-factor authentication: Something you have, and something you know (and maybe also even something you are).

Passwords 321

Passwords Mobile Authentication Banking 321

CyberSecurity Insiders

JUNE 4, 2021

In addition to the above, the pandemic has permanently shifted the role of digital payment technology. So, how can we ride the digital wave for financial services and shape an innovative mobile experience that customers use in the long term? Our Digital First blog series. The economic benefits of Digital First.

Mobile 64

Mobile Banking Digital transformation Technology 64

Krebs on Security

JANUARY 30, 2024

technology companies during the summer of 2022. In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. 9, 2024, U.S. Image credit: Amitai Cohen of Wiz.

Social Engineering 318

Social Engineering Mobile Cybercrime Passwords 318

Duo's Security Blog

JULY 12, 2023

As a technology marketing professional, I use at least 20 applications every day - SaaS/cloud applications and on-premises apps - including email, web-browser based, chat/collaboration, corporate internal apps including Intranet, and mobile apps. It is estimated that by 2025, 85% of business apps will be SaaS-based.

Mobile 96

Mobile Authentication Marketing Passwords 96

Duo's Security Blog

JULY 7, 2023

A passkey is a phishing-resistant cryptographic keypair you register for web-based authentication. It’s the strongest authentication method available today, which is why you see passkeys moving to replace passwords altogether. See the video at the blog post. What is a passkey?

Authentication 83

Authentication Passwords Mobile Password Management 83

The Last Watchdog

MAY 19, 2022

Wikipedia uses a CMS for textual entries, blog posts, images, photographs, videos, charts, graphics, and “ talk pages ” that help its many contributors collaborate. Security is also necessary if your retrieval system (such as a website or mobile app) has a paywall or is restricted to only a subset of people, such as customers or resellers.

Data breaches 262

Data breaches Encryption Mobile Technology 262

The Last Watchdog

APRIL 13, 2021

But what about the numerous machines on a company’s network, like mobile devices, servers, applications, and IoT devices? Machines are dramatically increasing, and require a solution that will identify these identities, authenticate them, and then secure their interactions across the network. Verify email. Know, trust, verify.

Authentication 191

Authentication Mobile Technology IoT 191

Pentester Academy

MARCH 23, 2023

Lab Walkthrough — Moodle SpellChecker Path Authenticated RCE [CVE-2021–21809] In our lab walkthrough series, we go through selected lab exercises on our INE Platform. Also, to access the upgrade.txt file, we do not need any authentication. Mobile/15E148 Safari/604.1 Mobile/15E148 Safari/604.1 Mobile/15E148 Safari/604.1

Authentication 52

Authentication Mobile Passwords Penetration Testing 52

Duo's Security Blog

DECEMBER 6, 2022

When someone is told that passwords are going away in favor of a new, “password-less” authentication method, a healthy dose of skepticism is not unwarranted. Experts in the fields of data protection and information security now look towards new technologies to make system access much more secure. What is WebAuthn?

Architecture 94

Architecture Authentication Passwords Technology 94

Duo's Security Blog

SEPTEMBER 6, 2023

We have a lot of thoughts on passkeys – some of which we’ve shared in other posts in this passkey blog series – and today we’re going to explore how passkeys stack up against passwords from the perspective of cloud platforms. That’s why many tech companies are turning to passkeys as a more secure and convenient replacement.

Passwords 96

Passwords Password Management Authentication Threat Detection 96

Thales Cloud Protection & Licensing

FEBRUARY 21, 2024

Every time you send a mobile payment, search for airline flight prices, or book a restaurant reservation - you are using an API. In this blog, we will explain the unique data security challenges for Telcos and three ways how both Thales and Red Hat can help them protect against future API attacks.

Encryption 139

Encryption Mobile Government Consumer Protection 139

Duo's Security Blog

MAY 23, 2023

Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials. Until a fully password-free environment is deployed, accepted, and adopted by all users, less secure methods of authentication will still be relied on.

Authentication 131

Authentication Passwords Data breaches Phishing 131

Duo's Security Blog

FEBRUARY 23, 2024

It’s essentially an ‘easy button’ for our Public Sector customers for Federal Authentication and Access Control. This includes: FedRAMP, FISMA, FIPS 140-2 compliant authentication standards, aligns with National Institute of Standards and Technology (NIST) SP 800-63-3 , DFARS/FARS, OMB ICAM policy and more.

Energy and Utilities 54

Energy and Utilities Authentication Mobile Technology 54

SecureWorld News

AUGUST 28, 2023

energy company, as well as organizations in other industries, such as finance, insurance, manufacturing, and technology. A blog post from Cofense , which spotted the campaign, further details the scam, particularly the one aimed at the energy company. In May 2023, a phishing campaign was launched that targeted a major U.S.

Phishing 76

Phishing Scams Mobile Media 76

Thales Cloud Protection & Licensing

JULY 3, 2019

With details from our report, I also highlighted how demand for modernization, mobile payments, IoT, cloud migration and cost savings is driving the push for new technologies while increasing opportunities for threats. To learn more, listen to the podcast here. My interview starts at 3:56 and concludes at 10:07.

Government 120

Government Cloud Migration IoT Encryption 120

Security Boulevard

AUGUST 3, 2022

230 apps were leaking all four 0Auth authentication credentials and could be used to fully take over Twitter accounts to perform critical/sensitive actions. The Twitter API provides direct access to a Twitter account and OAuth tokens are used by the Twitter API for authentication. Twitter API. The vulnerability.

Mobile 98

Mobile Authentication Accountability Identity Theft 98

Duo's Security Blog

MAY 4, 2023

See the video at the blog post. Passwordless is this next paradigm in authentication where we don’t have to rely on human-created passwords and credentials. People have already gotten pretty comfortable with these flows because of mobile devices having biometric support over the past five, almost 10 years now, at this point.

Passwords 97

Passwords Authentication DNS Technology 97

Cisco Security

SEPTEMBER 22, 2021

With the introduction of Wi-Fi 6, many organizations are shifting from a primarily wired infrastructure to one that focuses on worker mobility through wireless connectivity. The attacker can then use this passphrase to de-authenticate the original client and connect with the access point in its place. De-authentication attacks.

Wireless 118

Wireless Authentication Penetration Testing Mobile 118

Duo's Security Blog

SEPTEMBER 13, 2023

With this release, many high security and low friction authentication methods were made available. WebAuthn allows servers to register and authenticate users using Public Key Cryptography. It allows servers to integrate with strong biometric authenticators, built into devices, like Windows Hello or Apple’s Touch ID.

Authentication 54

Authentication Encryption eCommerce Phishing 54

CyberSecurity Insiders

JUNE 8, 2021

In this blog, I am joined by my colleague Pauline Pinzuti, Marketing Manager to discuss how the use of voice biometrics can help telecom operators fight ID fraud. What do mobile operations needs to know about telecom fraud? As a result, many have created extensive service portfolios, extending far beyond just mobile communications.

Authentication 102

Authentication Mobile Social Engineering Marketing 102

Duo's Security Blog

DECEMBER 14, 2023

Ensure access from devices you trust: Reinforce your users by combining strong authentication requirements with device trust policies. Remove passwords from the equation: Duo’s Passwordless solution, powered by WebAuthn technology, requires a biometric at login, rather than a password. If it is, access is granted.

Social Engineering 111

Social Engineering Engineering Phishing Passwords 111

CyberSecurity Insiders

FEBRUARY 12, 2021

This blog was written in collaboration with Jean-Paul Truong. T he importance of having robust data security and authentication processes has never been higher. T he Secredas Project : Advancing technolog ies for co nnected and automated vehicles .

IoT 84

IoT Architecture Authentication Technology 84

Krebs on Security

DECEMBER 4, 2018

I asked if this notice had been sent to everyone, and inquired whether ShareFile offers any form(s) of multi-factor authentication options that customers could use to supplement the security of passwords. We did not enforce a password reset on accounts that are using more stringent authentication controls [emphasis added].

Passwords 213

Passwords Authentication Accountability Password Management 213

The Last Watchdog

MAY 20, 2019

Don’t look now, but evidence is mounting that the mobile threats landscape is on the threshold of getting a lot more dicey. This is because mobile services and smartphone functionalities are rapidly expanding, and, as you might expect, cyberattacks targeting mobile devices and services are also rising sharply.

Mobile 138

Mobile Spyware Banking Manufacturing 138

Duo's Security Blog

MARCH 30, 2023

In our last Universal Prompt blog we focused on a few of the security benefits that using it provides. In this blog we’ll get into more of the user experience benefits. Improved User Experience – The Universal Prompt is a major redesign with new styling and a workflow-based authentication experience.

Authentication 53

Authentication Software Risk VPN 53

Google Security

MAY 11, 2022

Posted by Daniel Margolis, Software Engineer, Google Account Security Team Every year, security technologies improve: browsers get better , encryption becomes ubiquitous on the Web , authentication becomes stronger. This blog will deep dive into the method of phishing and how it has evolved today.

Phishing 106

Phishing Scams Authentication Accountability 106

Duo's Security Blog

NOVEMBER 23, 2020

Start with a zero-trust framework that begins at the access request with strong multi-factor authentication (MFA). Duo + FEITIAN We partner with the most innovative enterprise technology vendors, like FEITIAN Technologies , to implement best-in-class security solutions.

Authentication 75

Authentication Passwords Technology Education 75

Malwarebytes

OCTOBER 7, 2021

AbdelKarim Mardini, Group Product Manager for Chrome, and Guemmy Kim, Director of Account Security and Safety, wrote in a blog pos t: 2SV has been core to Google’s own security practices and today we make it seamless for our users with a Google prompt, which requires a simple tap on your mobile device to prove it’s really you trying to sign in.

Passwords 105

Passwords Accountability Authentication Mobile 105

Duo's Security Blog

MAY 12, 2023

Today: Ted Kietzman, a former product marketing manager for Cisco Duo, ponders passwords as a lost cause, the value of feedback for usability, and how passwordless technology is evolving. See the video at the blog post. Or, in the authentication 101, something you know, something you have, something you are. Very secure.

Passwords 52

Passwords Authentication Mobile Technology 52

Thales Cloud Protection & Licensing

DECEMBER 26, 2018

To reach its tipping point, cashless payment technology has come on a long way since the first magnetic stripe card almost 50 years ago. New technologies, particularly in advances in payments, will inevitably bring with them new security concerns. In fact, Alipay overtook PayPal as the world’s largest mobile payment platform in 2013.

Mobile 100

Mobile Technology Retail Authentication 100

Security Boulevard

FEBRUARY 21, 2024

Every time you send a mobile payment, search for airline flight prices, or book a restaurant reservation - you are using an API. In this blog, we will explain the unique data security challenges for Telcos and three ways how both Thales and Red Hat can help them protect against future API attacks.

Encryption 64

Encryption Mobile Government Consumer Protection 64

Thales Cloud Protection & Licensing

MARCH 6, 2020

Disconnecting from your mobile device, laptop or tablet can be as good as a holiday. Technology such as encryption will provide the last and most important layer of defense for data, rendering it useless if hackers break in. Two-factor authentication requires an extra layer of information beyond simple user names and passwords.

Encryption 130

Encryption Authentication Passwords CISO 130

CyberSecurity Insiders

MARCH 16, 2021

In this blog, we focus on a few aspects which are essential to ensuring robust connectivity and security within connected vehicles including cellular connectivity, security-by-design, digital identity, regulation and lifecycle management. Technologies that enable connectivity in cars. Why cellular? The role of eSIM.

Manufacturing 115

Manufacturing IoT Technology Cybersecurity 115

CyberSecurity Insiders

JULY 8, 2021

As we stated in a previous blog , biometric bank cards are a strong trend defining the future of payments. However, as a relatively new technology, you may have some questions about biometric cards. However, as a relatively new technology, you may have some questions about biometric cards. How do they work? Are they easy to use?

Banking 110

Banking Authentication Technology Mobile 110

Thales Cloud Protection & Licensing

NOVEMBER 22, 2017

In addition, the increasing speed of technology innovation has lead to a broader diversity of payment methods in recent years with new platforms for mobile payments continuing to be deployed. Enable multi-factor authentication – more and more online services and apps require multi-factor authentication. Happy (and safe!)

Risk 90

Risk Retail Digital transformation Authentication 90

CyberSecurity Insiders

JULY 6, 2021

In our previous blog on this topic, we looked into how a virtual network infrastructure, combined with the use of an unprecedented volume of data, and the introduction of the IoT on 5G networks, all posed a significant challenge to mobile operators in their desire to create secure 5G. Meeting Rising Customer Onboarding Expectations.

Mobile 101

Mobile Internet Internet IoT 101