Duo's Security Blog

AUGUST 16, 2021

“There are primarily three ways you can authenticate someone: with their username and password, with two-factor authentication, and with a company-supplied device that you can trace. For most stuff, you should have two of those things. For critical things, you should have all three.”.

Authentication 97

Authentication Data breaches Encryption Retail 97

Security Boulevard

APRIL 7, 2022

However, there is a drawback with TLS: TLS guarantees authenticity but by default this only happens in one direction: the client authenticates the server, but the server doesn’t authenticate the client. This is where mTLS comes useful—mTLS makes the authenticity symmetric. What is mutual TLS authentication?

Authentication 52

Authentication Encryption Digital transformation 52

Security Boulevard

JULY 19, 2022

Authenticate your K8s clusters with machine identities. The primary access point for a Kubernetes cluster is the Kubernetes API, therefore we need to authenticate and authorize both developers and services accessing the API. API authentication. API authentication covers both humans and clients accessing the API.

Authentication 52

Authentication Digital transformation Risk Engineering 52

Security Boulevard

APRIL 29, 2024

PSD3 sets out more extensive Strong Customer Authentication (SCA) regulations and stricter rules on access to payment systems and account information and introduces additional safeguards against fraud. Download our handy eBook, How Thales Helps Meet Compliance Requirements in Europe , or contact us to schedule a consultation.

Risk 70

Risk Manufacturing Cybersecurity Digital transformation 70

Thales Cloud Protection & Licensing

FEBRUARY 1, 2024

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Lillian knew that a shift in authentication couldn't wait. FIDO is an overarching framework for secure and passwordless authentication.

Authentication 138

Authentication Passwords CISO Password Management 138

Thales Cloud Protection & Licensing

FEBRUARY 1, 2023

Access Management and Authentication solutions protect sensitive data by enforcing the appropriate access controls when users log into applications that store sensitive data. Access to protected data can be granted or revoked at any time based on well-defined policies, and all activity is logged for auditing and reporting.

Encryption 71

Encryption Data breaches Authentication Risk 71

IT Security Guru

JANUARY 28, 2021

Do encourage your company to engage with multi-factor authentication (MFA) , which gives you multiple layers of protection: Only 36% of respondents suggested that MFA had been implemented. . To see the full results of this remote work survey, download the eBook. About the survey.

Data privacy 73

Data privacy Data breaches Authentication Passwords 73

Duo's Security Blog

APRIL 29, 2021

Compliance with corporate device health policy can be enforced each time the user attempts to authenticate. When deployed in this mode, the Device Health app will simply collect health data and report it back at each authentication when the application is installed on the access device.

Authentication 55

Authentication Encryption Firewall Risk 55

Security Boulevard

MAY 9, 2022

Use multifactor authentication where possible. eBook: The Definitive Guide to AI and Automation Powered Detection and Response. Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (e.g., hard drive, storage device, the cloud).

Ransomware 98

Ransomware Antivirus Backups Passwords 98

Security Boulevard

MARCH 15, 2022

A few days later, Lapsus$ announced on its Telegram channel that it had breached Samsung and offered evidence including biometric authentication information and source code from both Samsung and one of its suppliers, Qualcomm. Read our free eBook! "> Off. But first things first. UTM Medium. UTM Source. UTM Campaign.

Ransomware 126

Ransomware Telecommunications Firmware Media 126

Duo's Security Blog

DECEMBER 7, 2022

MFA is a necessity, not a luxury There is a good reason that nearly every cyber liability insurance carrier requires multi-factor authentication (MFA) and why, according to wholesale specialty insurance distributors CRC Group , clients without MFA risk non-renewal or a retention hike of 100% or more. What are you doing about backups?

Insurance 75

Insurance Cyber Insurance Ransomware Risk 75

Security Boulevard

FEBRUARY 1, 2024

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Lillian knew that a shift in authentication couldn't wait. FIDO is an overarching framework for secure and passwordless authentication.

Authentication 62

Authentication Passwords CISO Password Management 62

Cisco Security

JANUARY 10, 2023

For more on where to start check out our eBook which explores the five phases to achieving zero trust, and if you have already embarked on the journey, read our recently published Guide to Zero Trust Maturity to help you find quick wins along the way. Don’t sleep on the impact of MFA Fatigue. Third party dependency.

CISO 125

CISO Insurance Cyber Insurance Phishing 125

CyberSecurity Insiders

APRIL 4, 2023

Additionally, NFTs and eBooks are also suitable for money laundering. They may use methods such as pretending to be the rightful owner (social engineering) and calling the card company's call center to confirm the limit, disabling the one-time password authentication required for card use, or using other social engineering tactics.

Phishing 67

Phishing Social Engineering Authentication eCommerce 67

Malwarebytes

AUGUST 31, 2022

After creating your child’s Apple ID, enable two-factor authentication (2FA) for that added layer of security, ensuring that your child’s account won’t get popped easily even if someone got hold of their password. Set up your child’s own Apple ID. Disable or hide features you deem off-limits or unnecessary.

Accountability 97

Accountability Scams Risk Authentication 97

Security Boulevard

OCTOBER 7, 2022

With top PKI security , your business will be able to stand out to customers as a brand that provides unparalleled protection for their safety and identity through reliable encryption and authentication technologies. Read the FREE eBook. "> Off. Reduce risk and achieve compliance. Are you making any of these common PKI mistakes?

CISO 52

CISO Risk Cyber Attacks Technology 52

Security Boulevard

JUNE 2, 2022

When properly protected, code signing is an effective tool to stop the spread of malware, and nearly every organization relies on code signing to confirm their code is authentic and hasn’t been corrupted with malware. Download the eBook to learn more. Why do cybercriminals target code signing keys? UTM Medium. UTM Source.

Software 52

Software Malware Backups Marketing 52

Cisco Security

OCTOBER 6, 2021

A trusting culture starts with authenticity from the most influential person in the group – the “leader.” For even more expert tips, stories, and insights, download Cisco’s new eBook, “ Creating Safe Spaces: Leaders and Practitioners on Mental Health and Avoiding Burnout.”. Helen Patton | Advisory CISO at Cisco.

Cybersecurity 102

Cybersecurity CISO InfoSec Media 102

Malwarebytes

OCTOBER 27, 2022

And this is why things like patching, two-factor authentication, and multi-vector Endpoint Protection (EP) are so important,” Stockley said. Get the eBook: Is MDR right for my business? That’s why investing in Managed Detection and Response (MDR) is hugely beneficial for SMBs looking to get a leg-up against RaaS attacks.

Ransomware 82

Ransomware Encryption Software Cyber threats 82

Cisco Security

NOVEMBER 2, 2022

Going beyond the hype, passwordless authentication is now a reality. Cisco Duo’s passwordless authentication is now generally available across all Duo Editions. “ Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy.

Authentication 105

Authentication Passwords Phishing Mobile 105

NetSpi Technical

NOVEMBER 2, 2023

To understand the vulnerability, there are a few things to understand about the Entra ID authentication flow. Within any Entra ID environment, there are numerous cloud applications that are leveraged when a user authenticates. This odd load-time behavior is what alerted me to the potential for an MFA bypass.

Authentication 143

Authentication Accountability Social Engineering Penetration Testing 143

Duo's Security Blog

JULY 6, 2023

Today we will discuss the survey makeup, review key results and explain why Duo’s Passwordless technology is well positioned to meet enterprise authentication needs highlighted in the study. Workforce authentication failures are common and MFA is still not mandatory Duo has always focused on meeting customers where they are.

Authentication 61

Authentication Passwords Risk Technology 61

The Last Watchdog

JUNE 21, 2023

. – June 21, 2023 – Axiad , a leading provider of organization-wide passwordless orchestration, today announced the results of its Passwordless Authentication survey fielded by Enterprise Research Group (ERG), a full-service market research company. and Canada were surveyed.

Authentication 140

Authentication Social Engineering Passwords Phishing 140

Duo's Security Blog

FEBRUARY 13, 2023

And for more information on protecting against ransomware, be sure to check out our ebook: Protecting Against Ransomware: Zero Trust Security for a Modern Workforce. Mitigating ransomware attacks using MFA Multi-factor authentication (MFA) is very effective at protecting credentials and limiting attackers’ access to company resources.

Ransomware 86

Ransomware Insurance Authentication Passwords 86

Duo's Security Blog

JUNE 27, 2023

Multi-factor authentication (MFA) is a critical component of their security program, but the solution that was packaged with the existing enterprise suite did not meet the requirements of the IT security team. Cyber attackers are increasingly targeting gaps in weaker multi-factor authentication implementations.

Ransomware 73

Ransomware Healthcare Phishing Authentication 73

Duo's Security Blog

DECEMBER 12, 2022

And in our ebook, Retail Cybersecurity: The Journey to Zero Trust , we share ways that Duo can help retailers improve their security posture. Add a passwordless authentication factor like a biometric and block attempts at access. Get started by downloading our ebook, Retail Cybersecurity: The Journey to Zero Trust , today.

Retail 77

Retail Cyber threats Social Engineering Data breaches 77

Security Boulevard

OCTOBER 2, 2023

Download: How to Stop Phishing Attacks with Protective DNS An Evolving Threat Requires Adaptive Defenses While phishing methods are constantly evolving, common attack vectors include: Spear phishing - Highly targeted emails personalized with researched details to appear authentic. Often used to compromise executive and privileged accounts.

DNS 62

DNS Phishing Social Engineering Engineering 62

Security Boulevard

MAY 12, 2022

SPIFFE solves the problem of workload authentication in diverse environments. Access control, secrets management, and identity are all dependent on each other,” states the SPIFFE eBook. Adopting SPIFFE allows you to mutually authenticate systems wherever they are running. That is where SPIFFE comes in. Principles of SPIFEE.

Architecture 52

Architecture Authentication Data breaches Software 52

Thales Cloud Protection & Licensing

SEPTEMBER 10, 2019

Additionally, 58% of the data security leaders surveyed indicated that multi-factor authentication was the most likely technology to protect cloud and web-based apps. In addition, for more information on how you can secure access to your cloud services and applications, please download our eBook, Four Steps to Cloud Access Management.

Consumer Services 115

Consumer Services Authentication Passwords Technology 115

Security Boulevard

DECEMBER 6, 2021

Give customers the choice of authenticating via social identity providers, such as Facebook or Google, with one click. Reduce security risks by integrating context-driven authentication and authorization across mobile customer journeys to strengthen brand loyalty. . Strengthen Security to Build Loyalty .

Retail 52

Retail Mobile Authentication Risk 52

Thales Cloud Protection & Licensing

MAY 6, 2021

As such, this year’s World Password Day is in fact a timely reminder for businesses to drop passwords forever, and instead rollout access management solutions such as passwordless authentication. Micro-segmentation needs to be the default network set up and multi-factor authentication needs to become as common as a strong passphrase.

Social Engineering 96

Social Engineering Authentication Passwords Technology 96

Security Boulevard

JUNE 21, 2021

Other attack tactics include exploiting overprovisioned workforce, supplier, and partner credentials to gain access to ecosystem applications; weak authentication policies; and gaining access through unsecured non-human identities, such as Internet of Things (IoT)-connected devices. Lesson 3: Strengthen Authentication.

Manufacturing 59

Manufacturing IoT CISO Authentication 59

Security Boulevard

JUNE 21, 2022

Selecting a cloud vendor to help host your identity-related functions — such as user authentication, authorization, single sign-on, federation, and identity management — can be a business booster and a way to streamline efficiencies. Threatpost Cloud Security, The Forecast for 2022, eBook, page 26. Watch the full video here.

Backups 107

Backups eCommerce Authentication Passwords 107

Thales Cloud Protection & Licensing

MARCH 31, 2021

There are two major considerations for us: enhanced authentication security, and user workflow efficiency. “In In the case of user efficiency, now with a full remote workflow for user authentication, all devices are authenticating over an enterprise VPN client. Justin Sherman, Tech Policy and Geopolitics Expert.

Digital transformation 77

Digital transformation VPN Technology Architecture 77

Duo's Security Blog

MAY 10, 2023

Effectively protecting complex networks against sophisticated phishing attacks involves a comprehensive security stack including multi-factor authentication (MFA) , single sign-on (SSO) , and domain name system (DNS) security. Then, check out our ebook Duo for Essential Eight to see how Duo fits into an Essential Eight security strategy.

Phishing 54

Phishing DNS Authentication Risk 54

Thales Cloud Protection & Licensing

JUNE 27, 2022

Download our latest eBook How to Accelerate Government Transformation by Reducing Risk, Complexity, and Cost, where we describe how Thales can help government agencies reduce risk of cyberattacks and the complexity and cost of cyber security, while continuing to adopt innovations such as cloud, big data, AI, and IoT.

Government 71

Government Risk Artificial Intelligence Big data 71

CyberSecurity Insiders

JUNE 24, 2021

Today, biometric authentication is a constant feature in our lives, with many smartphones utilising facial or fingerprint recognition as a security measure. To find out more, read Thales’ recent eBook on digital identity. Six years later, the world’s largest biometric digital ID system, called the Aadhaar system, launched in India.

Computers and Electronics 115

Computers and Electronics Passwords Technology Government 115