Blog - Cyber Security Informer

Despite all the advice, 97.7% of Twitter users have still not enabled two-factor authentication

Graham Cluley

JULY 27, 2021

Twitter has revealed that the vast majority of its users have ignored advice to protect their accounts with two-factor authentication (2FA) - one of the simplest ways to harden account security. Read more in my article on the Hot for Security blog.

Authentication

Authentication Account Security Accountability Phishing

All GitHub Users Will Need to Enable 2FA by the End of 2023

Heimadal Security

DECEMBER 20, 2022

GitHub recently announced that it will require all users who contribute with code on the platform to enable two-factor authentification over the course of 2023. Two-factor authentication (2FA) makes accounts safer by adding an extra step that requires entering a one-time code during the login process.

Accountability

Accountability Authentication Cybersecurity

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. The OTP interception service featured earlier this year — Otp[.]agency

Passwords

Passwords Mobile Authentication Banking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

The Strengths and Weaknesses of MFA Methods Against Cyberattacks: Part 3

Duo's Security Blog

FEBRUARY 29, 2024

The choice of authentication methods plays a key role in defending against identity threats. In the first two blogs of this three-part series, we discussed the MFA methods available to users and their strengths and weaknesses in defending against five types of cyberattack. What authentication methods are right for you?

Authentication

Authentication Social Engineering Phishing Software

Cryptocurrency scam attack on Twitter reminds users to check their app connections

The State of Security

MAY 27, 2021

Even if you have chosen a strong, unique password for your online presence and enabled two-factor authentication it's possible that you've overlooked another way in which online criminals could commandeer your social media accounts and spam out a message to your followers.

Cryptocurrency

Cryptocurrency Scams Media Authentication

Strengthening Your Online Security Ahead of Possible Russian Cyberattacks

Heimadal Security

MARCH 23, 2022

We know that users are constantly advised by cybersecurity firms to enable two- or multi-factor authentication and we finally started to learn the importance of doing so. What Is Two-factor […].

Cyber threats

Cyber threats Authentication Cybersecurity

The Front Door Just Got a Lot Harder to Break Into: Announcing Passwordless Authentication for Windows Logon

Duo's Security Blog

MAY 15, 2024

In the world of access management, we have seen wide deployment of multi-factor authentication (MFA) at the point of the Operating System (OS) to invoke the layer of something you know (i.e., See the video at the blog post. a password) and something you have (i.e., a registered device).

Authentication

Authentication Social Engineering Passwords Engineering

Duo’s Proud to Announce 2023 Top-Rated Award by TrustRadius

Duo's Security Blog

NOVEMBER 10, 2023

10 and over 250 reviews, Duo is honored to share that we won the 2023 TrustRadius Top Rated Award for Authentication. Duo’s Multi-Factor Authentication solution combines multiple authentication factors to provide simple ways to protect users. With a score of 9.3/10

Authentication

Authentication Education Accountability Technology

Google Creates “Phishing Quiz” for Better Cyber Hygiene

Adam Levin

JANUARY 23, 2019

We’ve studied the latest techniques attackers use, and designed the quiz to teach people how to spot them,” wrote Jigsaw product manager Justin Henck in a blog announcement. The best protection against phishing is two-factor authentication.

Phishing

Phishing Authentication Accountability Passwords

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

The Last Watchdog

FEBRUARY 3, 2022

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. Only a dozen or so of my accounts get authenticated via self-hosted services. Sharing protocols.

Authentication

Authentication Passwords Accountability Technology

Cybersecurity Awareness Month 2022: Enabling Multi-factor Authentication Key behavior: Multi-factor Authentication

NSTIC

OCTOBER 3, 2022

In celebration of Cybersecurity Awareness Month, NIST will be publishing a dedicated blog series throughout October; we will be sharing blogs each week that will match up to four key behaviors identified by the National Cybersecurity Alliance (NCA).

Authentication

Authentication Cybersecurity Passwords

23andMe says, er, actually some genetic and health data might have been accessed in recent breach

Malwarebytes

DECEMBER 4, 2023

When the breach was first announced, 23andMe urged its users to ensure they have strong passwords, to avoid reusing passwords from other sites, and to enable multi-factor authentication (MFA). Enable two-factor authentication (2FA). And it looks as if they listened to us.

Passwords

Passwords Identity Theft Accountability Data breaches

GUEST ESSAY: ‘Continuous authentication’ is driving passwordless sessions into the mainstream

The Last Watchdog

DECEMBER 6, 2022

Much more effective authentication is needed to help protect our digital environment – and make user sessions smoother and much more secure. Underscoring this trend, Uber was recently hacked — through its authentication system. The best possible answer is coming from biometrics-based passwordless, continuous authentication.

Authentication

Authentication Healthcare Artificial Intelligence Passwords

From Base Camp to Summit: Climbing from AD FS to Duo SSO

Duo's Security Blog

JANUARY 11, 2024

Duo SSO is the linchpin to our streamlined authentication experience in which users authenticate once at the start of their day and forget that Duo is there as we securely and automatically sign them into the rest of their Duo applications. support and two-factor authentication.

Authentication

Authentication Cybersecurity Architecture Accountability

U.K. Cyber Thug “PlugwalkJoe” Gets 5 Years in Prison

Krebs on Security

JUNE 27, 2023

But O’Connor also pleaded guilty in a separate investigation involving a years-long spree of cyberstalking and cryptocurrency theft enabled by “ SIM swapping ,” a crime wherein fraudsters trick a mobile provider into diverting a customer’s phone calls and text messages to a device they control. million. .

Cryptocurrency

Cryptocurrency Accountability Mobile Hacking

Ubiquiti Networks Security Breach was catastrophic, whistleblower says

Heimadal Security

MARCH 31, 2021

On the 11th of January, the networking equipment and Internet of Things (IoT) devices provider started to send out emails to customers informing them of a recent security breach, and asking them to change their passwords and to enable two-factor authentication (2FA).

Network Security

Network Security IoT Authentication Passwords

Why TOTP Won’t Cut It (And What to Consider Instead)

NetSpi Technical

JANUARY 18, 2024

Time-Based One-Time Password (TOTP) Time-Based One-Time Password (TOTP) is a common two-factor authentication (2FA) mechanism used across the internet. During authentication, the secret is used in combination with the time in a cryptographic hash function to produce a secure 6-digit passcode. But then it struck me.

Authentication

Authentication Passwords Accountability Penetration Testing

The State of Passwordless in the Enterprise

Duo's Security Blog

JULY 6, 2023

Today we will discuss the survey makeup, review key results and explain why Duo’s Passwordless technology is well positioned to meet enterprise authentication needs highlighted in the study. Yet, enterprises are faced with a trade-off between enabling a great user experience and deploying strong security.

Authentication

Authentication Passwords Risk Technology

Involved in a data breach? Here’s what you need to know

Malwarebytes

SEPTEMBER 20, 2023

Organizations often put out a rolling statement on their website, blog, or X (Twitter). Enable multi-factor authentication Multi-factor authentication (MFA) adds an extra layer of security when logging in to your online accounts, and stops anyone from logging in with just your password.

Data breaches

Data breaches Passwords Authentication Phishing

3 Steps to Prevent a Case of Compromised Credentials

Duo's Security Blog

MAY 23, 2023

Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials. In our previous two features, we covered the dangers of phishing (one method of credential compromise) and how to mitigate its impact on users.

Authentication

Authentication Passwords Data breaches Phishing

Citrix Duo Universal Prompt Is the Interface to Guard Against Increasingly Sophisticated Application Threat Vectors

Duo's Security Blog

MAY 17, 2023

The Universal Prompt is Duo's next-generation authentication interface that delivers a better experience for every user. Simplify Secure Access – Modernizing security can be disruptive for users, but Universal Prompt makes it painless with a smooth authentication experience, intuitive web-based design, and several self-service options.

Authentication

Authentication Engineering Education Phishing

Twitter and two-factor authentication: What's changing?

Malwarebytes

FEBRUARY 20, 2023

From March 19, users of Twitter won’t be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service. You can still use the authentication app and security key methods. Twitter is making some dramatic shake ups to its currently available security settings.

Authentication

Authentication Phishing Mobile Accountability

What Are Passkeys?

Duo's Security Blog

JUNE 12, 2023

Before we can discuss passkeys, we need to lay some groundwork and discuss authentication, Passwordless and WebAuthn. What is authentication? Authentication is the process of verifying your online identity. We added multi-factor authentication (MFA) – something you know and something you have or are.

Authentication

Authentication Passwords Password Management Phishing

How to Evaluate the Best Access Management Solutions

Duo's Security Blog

AUGUST 3, 2023

Access management solutions, including single sign-on (SSO), multi-factor authentication (MFA), and privileged access management (PAM), can offer a comprehensive defense against threats. This eases the authentication burden on users, only stepping up when risky changes are detected.

Authentication

Authentication Risk Passwords Insurance

Instagram’s New Security Tools are a Welcome Step, But Not Enough

Krebs on Security

AUGUST 29, 2018

On Tuesday, the Facebook -owned social network said it is in the process of rolling out support for third-party authentication apps. New two-factor authentication options Instagram says it is rolling out to users over the next few weeks. Scroll down and tap Two-Factor Authentication.

Authentication

Authentication Mobile Passwords Accountability

The Terminator had it all wrong

Javvad Malik

NOVEMBER 11, 2021

Cloud usage has increased, we’ve seen VPN’s crop up everywhere, and the shiny hotness that is MFA (multi factor authentication). I’ve said it before, and I’ll say it again: Enabling multi-factor authentication makes you 99% less likely to get hacked. Enable MFA!

VPN

VPN Authentication Passwords Scams

Duo Single Sign-On Now Supports More Applications Out-of-the-Box

Duo's Security Blog

JULY 12, 2023

Applications have grown in variety and adoption for over two decades. That is because Duo Single Sign-On (SSO) is enabled on my work account. identity provider (IdP) and OpenID Connect (OIDC) provider (OP) that adds two-factor authentication. SaaS (Software-as-a-Service) adoption is skyrocketing.

Mobile

Mobile Authentication Marketing Passwords

SHARED INTEL: Microsoft discloses how the Nobelium hacking ring engages in routine phishing

The Last Watchdog

JUNE 28, 2021

To help protect against these types of attacks, organizations should enable multi-factor authentication (MFA) on login accounts when available, monitor for brute force attempts and educate users on the importance of password hygiene, such as using unique and strong passwords, in the battle against cyber crime.”.

Hacking

Hacking Phishing Passwords Accountability

Demystifying Duo APIs: Advanced Security with Duo Integrations

Cisco Security

AUGUST 21, 2023

In this blog post, we’ll delve deeper into the potential and versatility of Duo APIs, their applications across industries, and how they can elevate your security posture to new heights. , testing environment, and support resources make it easy for developers to integrate Duo’s security solutions into their zero trust architecture.

Authentication

Authentication Technology Small Business Architecture

Meta Pays Researcher $27K for 2FA Vulnerability Discovery

SecureWorld News

JANUARY 31, 2023

The vulnerability could have allowed malicious threat actors to turn off a user's two-factor authentication (2FA) protection simply by knowing the user's phone number or email address. Meta fixed the bug a month later and paid Mänôz $27,200 for his report.

Accountability

Accountability Authentication Mobile Phishing

Arachnophobic: How Duo Customers Can Respond to CISA’s Report on Scattered Spider

Duo's Security Blog

NOVEMBER 27, 2023

Here are a couple of tools that can help you reduce your risk for some of Scattered Spider’s techniques: SIM Swaps Remove SMS and telephony authentication methods, limiting users to stronger factors like WebAuthn and Verified Duo Push. Enable Muted Push to reduce a threat actor’s ability to catch end user’s attention.

Authentication

Authentication Social Engineering Risk Accountability

Google Sending Security Keys to 10,000 Users at High Risk of Attack

eSecurity Planet

OCTOBER 11, 2021

Company officials also used the first week of October – which is Cybersecurity Awareness Month – to remind users of the company’s plan to enable two-factor authentication by default to many accounts, and that it will enable it for 150 million accounts before the end of 2021.

Risk

Risk Passwords Authentication Accountability

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

The Last Watchdog

AUGUST 29, 2022

Without strong, secure passwords or two-factor authentication ( 2FA ) enabled in an organization or startup, it becomes easy for attackers to access stolen credentials on their web and email servers. We’ve shared some helpful guidance on password security at Zigrin Security blog. Authentication bypass.

Hacking

Hacking Passwords Password Management Data breaches

Understanding the New PCI DSS 4.0 Requirements

Duo's Security Blog

AUGUST 1, 2022

There were 60 changes made, with new rules around multi-factor (MFA) being one of the most significant. focuses on developing stronger authentication requirements around NIST Zero Trust Architecture guidelines. A minimum of two of the three factors is required for authentication. DarkReading reports PCI DSS 4.0

Authentication

Authentication Passwords Accountability VPN

T-Minus 365 and Counting! Deploy Universal Prompt to Strengthen Security While Improving User Experience

Duo's Security Blog

MARCH 30, 2023

In our last Universal Prompt blog we focused on a few of the security benefits that using it provides. In this blog we’ll get into more of the user experience benefits. Improved User Experience – The Universal Prompt is a major redesign with new styling and a workflow-based authentication experience.

Authentication

Authentication Software Risk VPN

Making authentication faster than ever: passkeys vs. passwords

Google Security

MAY 5, 2023

Passkeys are a new, passwordless authentication method that offer a convenient authentication experience for sites and apps, using just a fingerprint, face scan or other screen lock. And since passkeys are standardized, a single implementation enables a passwordless experience across browsers and operating systems.

Authentication

Authentication Passwords Technology Password Management

Going Passwordless With py_webauthn

Duo's Security Blog

MARCH 11, 2022

Let’s dive into how you can use Duo’s py_webauthn library to enable passwordless user authentication in your Python server. WebAuthn and Multi-Factor Authentication. Multi-factor authentication is built on the basic tenet, “Something you know, something you have, something you are: pick two.”.

Authentication

Authentication Passwords Architecture Accountability

Hackers Leak 87,000 Fortinet VPN Passwords

eSecurity Planet

SEPTEMBER 9, 2021

Fortinet confirmed the veracity of the hackers’ claims in a blog post today. The network security vendor said the credentials were stolen from systems that remain unpatched against a two-year-old vulnerability – CVE-2018-13379 – or from users who patched that vulnerability but failed to change passwords.

VPN

VPN Passwords Authentication Network Security

10 Effective Ways to Prevent Compromised Credentials

Identity IQ

JULY 17, 2023

In this blog, we provide you with ten actionable ways to safeguard your digital identity, focusing specifically on how to prevent compromised credentials. Enable Two-Factor Authentication Utilize two-factor authentication (2FA) if it is available. How Can Your Credentials Become Compromised?

Identity Theft

Identity Theft Password Management Passwords Authentication

10 Effective Ways to Prevent Compromised Credentials

Identity IQ

JULY 17, 2023

In this blog, we provide you with ten actionable ways to safeguard your digital identity, focusing specifically on how to prevent compromised credentials. Enable Two-Factor Authentication Utilize two-factor authentication (2FA) if it is available. How Can Your Credentials Become Compromised?

Identity Theft

Identity Theft Password Management Passwords Authentication

Hackers Hit WordPress Sites with Malware Redirects

SecureWorld News

NOVEMBER 14, 2022

"The attackers’ spam sites are populated with various random questions and answers found to be scraped from other Q&A sites," Sucuri reported in a blog post. Users must enable two-factor authentication and ensure that all software is up-to-date. Many of them have cryptocurrency and financial themes.".

Malware

Malware Cryptocurrency Engineering Authentication

Beyond Passwords: 2FA, U2F and Google Advanced Protection

Troy Hunt

NOVEMBER 14, 2018

2FA, MFA, 2-Step They may all be familiar, but there are important differences that warrant explanation and we'll start with the acronym we most commonly see: 2FA is two-factor authentication. Adding a second factor typically means either requiring "something that you have" or "something that you are".

Passwords

Passwords Authentication Accountability Mobile

Secure Access to Your Google Chrome Enterprise With Duo

Duo's Security Blog

MARCH 9, 2021

authentication standard. Duo SSO acts as an identity provider (IdP), authenticating your users using existing on-premises Active Directory (AD) or any SAML 2.0 IdP and prompting for two-factor authentication before permitting access to Google Workspace. Follow these simple instructions to help you set things up.

Authentication

Authentication CISO Engineering

Microsoft Expands Passwordless Sign-on to All Accounts

eSecurity Planet

SEPTEMBER 15, 2021

Users can choose among options such as the Microsoft Authenticator app, Windows Hello biometric technology, a security key compatible with the FIDO-2 (Fast Identity Online) standard, or a verification code that can be sent to a phone or email. Google automatically makes account holders use two-factor authentication.

Accountability

Accountability Passwords Authentication Phishing

Despite all the advice, 97.7% of Twitter users have still not enabled two-factor authentication

All GitHub Users Will Need to Enable 2FA by the End of 2023

Webinars

Trending Sources

The Rise of One-Time Password Interception Bots

Webinars

The Strengths and Weaknesses of MFA Methods Against Cyberattacks: Part 3

Cryptocurrency scam attack on Twitter reminds users to check their app connections

Strengthening Your Online Security Ahead of Possible Russian Cyberattacks

The Front Door Just Got a Lot Harder to Break Into: Announcing Passwordless Authentication for Windows Logon

Duo’s Proud to Announce 2023 Top-Rated Award by TrustRadius

Google Creates “Phishing Quiz” for Better Cyber Hygiene

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

Cybersecurity Awareness Month 2022: Enabling Multi-factor Authentication Key behavior: Multi-factor Authentication

23andMe says, er, actually some genetic and health data might have been accessed in recent breach

GUEST ESSAY: ‘Continuous authentication’ is driving passwordless sessions into the mainstream

From Base Camp to Summit: Climbing from AD FS to Duo SSO

U.K. Cyber Thug “PlugwalkJoe” Gets 5 Years in Prison

Ubiquiti Networks Security Breach was catastrophic, whistleblower says

Why TOTP Won’t Cut It (And What to Consider Instead)

The State of Passwordless in the Enterprise

Involved in a data breach? Here’s what you need to know

3 Steps to Prevent a Case of Compromised Credentials

Citrix Duo Universal Prompt Is the Interface to Guard Against Increasingly Sophisticated Application Threat Vectors

Twitter and two-factor authentication: What's changing?

What Are Passkeys?

How to Evaluate the Best Access Management Solutions

Instagram’s New Security Tools are a Welcome Step, But Not Enough

The Terminator had it all wrong

Duo Single Sign-On Now Supports More Applications Out-of-the-Box

SHARED INTEL: Microsoft discloses how the Nobelium hacking ring engages in routine phishing

Demystifying Duo APIs: Advanced Security with Duo Integrations

Meta Pays Researcher $27K for 2FA Vulnerability Discovery

Arachnophobic: How Duo Customers Can Respond to CISA’s Report on Scattered Spider

Google Sending Security Keys to 10,000 Users at High Risk of Attack

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

Understanding the New PCI DSS 4.0 Requirements

T-Minus 365 and Counting! Deploy Universal Prompt to Strengthen Security While Improving User Experience

Making authentication faster than ever: passkeys vs. passwords

Going Passwordless With py_webauthn

Hackers Leak 87,000 Fortinet VPN Passwords

10 Effective Ways to Prevent Compromised Credentials

10 Effective Ways to Prevent Compromised Credentials

Hackers Hit WordPress Sites with Malware Redirects

Beyond Passwords: 2FA, U2F and Google Advanced Protection

Secure Access to Your Google Chrome Enterprise With Duo

Microsoft Expands Passwordless Sign-on to All Accounts

Stay Connected